Improper Access Control in ArcSight ESM and ArcSight ESM Express
CVE-2017-13988

6.5MEDIUM

Key Information:

Vendor: HP
Status: Arcsight Enterprise Security Manager
Vendor: CVE Published:; 30 September 2017

What is CVE-2017-13988?

An improper access control flaw exists in ArcSight ESM and ArcSight ESM Express allowing unauthorized users to modify the maximum size of storage groups. Additionally, users can enable or disable the 'follow schedule' setting, which may lead to significant security risks and improper data management.

References

https://softwaresupport.hpe.com/km/KM02944672

x_refsource_CONFIRM

http://www.securityfocus.com/bid/100935

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2017
Vulnerability Reserved
Aug 30, 2017

HP

What is CVE-2017-13988?

References

CVSS V3.1

Timeline