Vulnerabilities > CVE-2012-5199 - Local Arbitrary Code Execution vulnerability in HP products

047910
CVSS 6.8 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
hp
nessus

Summary

Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to execute arbitrary code via unknown vectors.

Nessus

NASL familyMisc.
NASL idARCSIGHT_LOGGER_5_3_LOCAL.NASL
descriptionAccording to its self-reported version number, the version of HP ArcSight Logger installed on the remote host is affected by the following vulnerabilities : - An error exists related to handling host file imports that could allow cross-site scripting attacks. (CVE-2012-2960) - An unspecified error exists that could allow a remote attacker to inject commands. (CVE-2012-3286) - An unspecified error exists that could allow unspecified information disclosure. (CVE-2012-5198) - An unspecified error exists that could allow a local attacker to inject commands. (CVE-2012-5199)
last seen2020-06-01
modified2020-06-02
plugin id69444
published2013-07-11
reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/69444
titleHP ArcSight Logger < 5.3 Multiple Vulnerabilities (credentialed check)