Reflected and Stored XSS Vulnerability in HP ArcSight ESM
CVE-2017-14357

6.1 MEDIUM

Key Information:

Vendor
CVE Published: 30 October 2017

What is CVE-2017-14357?

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability has been identified in HP ArcSight ESM and HP ArcSight ESM Express. This issue affects any 6.x version prior to 6.9.1c Patch 4 and 6.11.0 Patch 1. Attackers can exploit this vulnerability remotely, allowing malicious scripts to be injected and executed in users' browsers, posing significant risks to data integrity and user security.

Affected Version(s)

HP ArcSight ESM Any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1

HP ArcSight ESM Express Any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1

References

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
