Skip to main content

Arcsight Enterprise Security Manager Express

10 CVEs product

Monthly

CVE-2020-9522 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Arcsight Enterprise Security Manager Express
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2017-14358 MEDIUM This Month

A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect HP Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14357 MEDIUM This Month

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14356 CRITICAL Act Now

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP SQLi Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-13991 MEDIUM This Month

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2017-13990 MEDIUM This Month

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2017-13989 HIGH This Week

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-13988 MEDIUM This Month

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-13987 MEDIUM This Month

An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-13986 MEDIUM This Month

A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
CVSS 3.0
6.1
EPSS
0.4%
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Arcsight Enterprise Security Manager Express
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect HP Arcsight Enterprise Security Manager +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP Arcsight Enterprise Security Manager +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP SQLi Arcsight Enterprise Security Manager +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure +2
NVD
EPSS 0% CVSS 8.1
HIGH This Week

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcsight Enterprise Security Manager Arcsight Enterprise Security Manager Express
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy