Skip to main content

Arcsight Logger CVE-2015-6863

HIGH
Improper Input Validation (CWE-20)
2016-01-16 cve@mitre.org
7.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Jan 16, 2016 - 05:59 cve.org
HIGH 7.3

DescriptionCVE.org

HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.

AnalysisAI

HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-20. HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. Affected products include: Hp Arcsight Logger. Version information: before 6.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2014-7884 CRITICAL POC
9.0 Mar 14

Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated att

CVE-2020-11851 CRITICAL
9.8 Nov 17

Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. Rat

CVE-2019-3479 CRITICAL
9.8 Mar 25

Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7. Rated critical severity (CVS

CVE-2023-24470 CRITICAL
9.1 Jun 13

Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. Rated critical severity (CVSS 9.1),

CVE-2019-11657 HIGH
8.8 Dec 17

Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version

CVE-2019-11655 HIGH
8.8 Oct 04

Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. Rated high severity (CVS

CVE-2019-3484 HIGH
7.8 Mar 25

Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7. Rated high severity (CVSS 7.8), this v

CVE-2022-26330 HIGH
7.5 Aug 31

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. Rated high severity (CVSS 7.5), this vuln

CVE-2015-6030 HIGH
7.2 Nov 04

HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use

CVE-2019-3481 HIGH
7.1 Mar 25

Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7. Rated high severity (CVSS 7.1),

CVE-2012-5199 MEDIUM
6.8 Feb 16

Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows

CVE-2012-3286 MEDIUM
6.5 Feb 16

Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows

Share

CVE-2015-6863 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy