Vulnerabilities > CVE-2012-5199 - Local Arbitrary Code Execution vulnerability in HP products
Attack vector
LOCAL Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to execute arbitrary code via unknown vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 3 | |
Hardware | 3 | |
Application | 1 |
Nessus
NASL family | Misc. |
NASL id | ARCSIGHT_LOGGER_5_3_LOCAL.NASL |
description | According to its self-reported version number, the version of HP ArcSight Logger installed on the remote host is affected by the following vulnerabilities : - An error exists related to handling host file imports that could allow cross-site scripting attacks. (CVE-2012-2960) - An unspecified error exists that could allow a remote attacker to inject commands. (CVE-2012-3286) - An unspecified error exists that could allow unspecified information disclosure. (CVE-2012-5198) - An unspecified error exists that could allow a local attacker to inject commands. (CVE-2012-5199) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 69444 |
published | 2013-07-11 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/69444 |
title | HP ArcSight Logger < 5.3 Multiple Vulnerabilities (credentialed check) |