URL Redirection Vulnerability in HP ArcSight ESM
CVE-2017-14358

6.1 MEDIUM

Key Information:

Vendor
CVE Published: 31 October 2017

What is CVE-2017-14358?

A URL redirection vulnerability exists in HP ArcSight ESM and HP ArcSight ESM Express that could allow an attacker to redirect users to an untrusted site. The issue affects any version in the 6.x series prior to the specified patches, potentially exposing affected systems to phishing attacks and other malicious activities. Users and administrators should ensure they are running the latest patches to mitigate this risk.

Affected Version(s)

HP ArcSight ESM: any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1

HP ArcSight ESM Express: any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
