Skip to main content

Arcsight Enterprise Security Manager CVE-2017-14357

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2017-10-31 security@opentext.com
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 31, 2017 - 15:29 cve.org
MEDIUM 6.1

DescriptionCVE.org

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS)

AnalysisAI

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS) Affected products include: Hp Arcsight Enterprise Security Manager, Hp Arcsight Enterprise Security Manager Express. Version information: prior to 6.9.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2014-7885 CRITICAL
10.0 Mar 14

Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact an

CVE-2017-14356 CRITICAL
9.8 Oct 31

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch

CVE-2021-38124 CRITICAL
9.8 Sep 28

Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting version

CVE-2017-13989 HIGH
8.1 Sep 30

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch

CVE-2016-1991 HIGH
8.0 Mar 16

HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before

CVE-2016-1990 HIGH
7.8 Mar 16

HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before

CVE-2015-6030 HIGH
7.2 Nov 04

HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use

CVE-2017-13987 MEDIUM
6.5 Sep 30

An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c P

CVE-2017-13988 MEDIUM
6.5 Sep 30

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch

CVE-2017-13986 MEDIUM
6.1 Sep 30

A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6

CVE-2017-14358 MEDIUM
6.1 Oct 31

A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version pri

CVE-2017-13991 MEDIUM
5.3 Sep 30

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 o

Share

CVE-2017-14357 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy