Security Flaw in HP ArcSight SmartConnectors Affects Device Authentication
CVE-2015-2902

Currently unrated

Key Information:

Vendor: HP
Status: Arcsight Smartconnectors
Vendor: CVE Published:; 4 November 2015

What is CVE-2015-2902?

The HP ArcSight SmartConnectors prior to version 7.1.6 are susceptible to a vulnerability that fails to properly validate X.509 certificates received from Logger devices. This oversight can be exploited by man-in-the-middle attackers, enabling them to masquerade as trusted devices and potentially intercept sensitive information through the use of specially crafted certificates.

References

http://www.kb.cert.org/vuls/id/350508

third-party-advisoryx_refsource_CERT-VN

http://www.securitytracker.com/id/1034078

vdb-entryx_refsource_SECTRACK

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId...

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 4, 2015
Vulnerability Reserved
Apr 3, 2015