CVE-2016-1991 - Unspecified vulnerability in Microfocus Arcsight Enterprise Security Manager
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | LOW |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Nessus
NASL family | Misc. |
NASL id | HP_ARCSIGHT_HPSBGN03556.NASL |
description | According to its self-reported version number, the version of HP ArcSight Enterprise Security Manager (ESM) installed on the remote host is prior to 5.6, 6.0, 6.5.1.1845.0 (6.5c SP1 P2), or 6.8.0.1896 (6.8c). It is, therefore, affected by multiple vulnerabilities: - An unspecified flaw exists that allows a local attacker to execute arbitrary commands. (CVE-2016-1990) - An unspecified flaw exists that allows an authenticated, remote attacker to upload arbitrary files. (CVE-2016-1991) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 90313 |
published | 2016-04-01 |
reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/90313 |
title | HP ArcSight ESM < 5.6 / 6.0 / 6.5c SP1 P2 / 6.8c Multiple Vulnerabilities |