Improper Access Control in ArcSight ESM and ArcSight ESM Express
CVE-2017-13988

6.5MEDIUM

Key Information:

Vendor: HP
Status: Arcsight Enterprise Security Manager
Vendor: CVE Published:; 30 September 2017

Summary

An improper access control flaw exists in ArcSight ESM and ArcSight ESM Express allowing unauthorized users to modify the maximum size of storage groups. Additionally, users can enable or disable the 'follow schedule' setting, which may lead to significant security risks and improper data management.

References

https://softwaresupport.hpe.com/km/KM02944672

x_refsource_CONFIRM

http://www.securityfocus.com/bid/100935

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 30, 2017
Vulnerability Reserved
Aug 30, 2017