Vulnerabilities > HP > Arcsight Enterprise Security Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-10-31 CVE-2017-14358 Open Redirect vulnerability in HP products
A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1.
network
low complexity
hp CWE-601
6.1
2017-10-31 CVE-2017-14357 Cross-site Scripting vulnerability in HP products
A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1.
network
low complexity
hp CWE-79
6.1
2017-09-30 CVE-2017-13991 Information Exposure vulnerability in HP products
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.
network
low complexity
hp CWE-200
5.3
2017-09-30 CVE-2017-13990 Information Exposure vulnerability in HP products
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.
network
low complexity
hp CWE-200
5.3
2017-09-30 CVE-2017-13988 Unspecified vulnerability in HP products
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.
network
low complexity
hp
6.5
2017-09-30 CVE-2017-13987 Unspecified vulnerability in HP products
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.
network
low complexity
hp
6.5
2017-09-30 CVE-2017-13986 Cross-site Scripting vulnerability in HP products
A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.
network
low complexity
hp CWE-79
6.1