Vulnerabilities > HP > Arcsight Enterprise Security Manager > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-31 | CVE-2017-14358 | Open Redirect vulnerability in HP products A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. | 6.1 |
2017-10-31 | CVE-2017-14357 | Cross-site Scripting vulnerability in HP products A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. | 6.1 |
2017-09-30 | CVE-2017-13991 | Information Exposure vulnerability in HP products An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. | 5.3 |
2017-09-30 | CVE-2017-13990 | Information Exposure vulnerability in HP products An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. | 5.3 |
2017-09-30 | CVE-2017-13988 | Unspecified vulnerability in HP products An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function. | 6.5 |
2017-09-30 | CVE-2017-13987 | Unspecified vulnerability in HP products An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. | 6.5 |
2017-09-30 | CVE-2017-13986 | Cross-site Scripting vulnerability in HP products A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system. | 6.1 |