Vulnerabilities > CVE-2012-3286 - Arbitrary Command Execution vulnerability in HP products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
hp
nessus

Summary

Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.

Nessus

NASL familyMisc.
NASL idARCSIGHT_LOGGER_5_3_LOCAL.NASL
descriptionAccording to its self-reported version number, the version of HP ArcSight Logger installed on the remote host is affected by the following vulnerabilities : - An error exists related to handling host file imports that could allow cross-site scripting attacks. (CVE-2012-2960) - An unspecified error exists that could allow a remote attacker to inject commands. (CVE-2012-3286) - An unspecified error exists that could allow unspecified information disclosure. (CVE-2012-5198) - An unspecified error exists that could allow a local attacker to inject commands. (CVE-2012-5199)
last seen2020-06-01
modified2020-06-02
plugin id69444
published2013-07-11
reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/69444
titleHP ArcSight Logger < 5.3 Multiple Vulnerabilities (credentialed check)