SOAP Authentication Vulnerability in HP ArcSight Logger
CVE-2015-6029

Currently unrated

Key Information:

Vendor: HP
Status: Arcsight Logger
Vendor: CVE Published:; 4 November 2015

Summary

The vulnerability in HP ArcSight Logger occurs due to insufficient access controls on the SOAP interface. This flaw enables remote attackers to conduct brute-force attempts to authenticate, potentially gaining unauthorized access to sensitive data and system functionalities. Organizations using earlier versions of the product are especially at risk, as the lack of limits on authentication attempts makes it easier for attackers to compromise security. It is crucial for users to upgrade to secure versions to mitigate this risk effectively.

References

http://www.securityfocus.com/bid/77128

vdb-entryx_refsource_BID

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId...

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/842252

third-party-advisoryx_refsource_CERT-VN

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 4, 2015
Vulnerability Reserved
Aug 14, 2015