Authorization Policy Bypass in HP ArcSight Logger
CVE-2015-2136

Currently unrated

Key Information:

Vendor: HP
Status: Arcsight Logger
Vendor: CVE Published:; 16 September 2015

Summary

The vulnerability in HP ArcSight Logger allows remote authenticated users to circumvent the authorization policies that are intended to restrict access. This issue arises from unspecified vectors within the system, leading to potential unauthorized actions by attackers. Organizations using vulnerable versions of HP ArcSight Logger should apply updates or implement compensating controls to mitigate exposure to this security flaw.

References

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/do...

x_refsource_CONFIRM

Timeline

Vulnerability published
Sep 16, 2015
Vulnerability Reserved
Feb 27, 2015