Vulnerabilities > CVE-2012-3286 - Arbitrary Command Execution vulnerability in HP products
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 3 | |
Hardware | 3 | |
Application | 1 |
Nessus
NASL family | Misc. |
NASL id | ARCSIGHT_LOGGER_5_3_LOCAL.NASL |
description | According to its self-reported version number, the version of HP ArcSight Logger installed on the remote host is affected by the following vulnerabilities : - An error exists related to handling host file imports that could allow cross-site scripting attacks. (CVE-2012-2960) - An unspecified error exists that could allow a remote attacker to inject commands. (CVE-2012-3286) - An unspecified error exists that could allow unspecified information disclosure. (CVE-2012-5198) - An unspecified error exists that could allow a local attacker to inject commands. (CVE-2012-5199) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 69444 |
published | 2013-07-11 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/69444 |
title | HP ArcSight Logger < 5.3 Multiple Vulnerabilities (credentialed check) |