Improper Access Control in ArcSight ESM and ESM Express by Micro Focus
CVE-2017-13989

8.1HIGH

Key Information:

Vendor: HP
Status: Arcsight Enterprise Security Manager
Vendor: CVE Published:; 30 September 2017

Summary

An improper access control vulnerability exists in ArcSight ESM and ArcSight ESM Express, affecting any version 6.x prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This flaw allows unauthorized users to access and modify sensitive storage information, potentially leading to unauthorized data exposure and manipulation.

References

https://softwaresupport.hpe.com/km/KM02944672

x_refsource_CONFIRM

http://www.securityfocus.com/bid/100935

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 30, 2017
Vulnerability Reserved
Aug 30, 2017