SOAP Service Vulnerability in HP ArcSight SmartConnectors
CVE-2015-2903

Currently unrated

Key Information:

Vendor: HP
Status: Arcsight Smartconnectors
Vendor: CVE Published:; 4 November 2015

Summary

The CWSAPI SOAP service in HP ArcSight SmartConnectors prior to version 7.1.6 contains a hardcoded password that can be exploited by remote attackers. This design flaw simplifies unauthorized access to administrative functions, potentially compromising the security of the system. Attackers who are knowledgeable about this hardcoded password can easily gain administrative privileges, leading to severe risks for data integrity and system operations.

References

http://www.kb.cert.org/vuls/id/350508

third-party-advisoryx_refsource_CERT-VN

http://www.securitytracker.com/id/1034078

vdb-entryx_refsource_SECTRACK

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId...

x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 4, 2015
Vulnerability Reserved
Apr 3, 2015