Vulnerabilities > HP > Arcsight Enterprise Security Manager Express > 6.9.0c

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-31	CVE-2017-14358	Open Redirect vulnerability in HP products A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. network low complexity hp CWE-601	6.1
2017-10-31	CVE-2017-14357	Cross-site Scripting vulnerability in HP products A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. network low complexity hp CWE-79	6.1
2017-10-31	CVE-2017-14356	SQL Injection vulnerability in HP products An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. network low complexity hp CWE-89 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.