Vulnerabilities > HP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-30 | CVE-2017-13991 | Information Exposure vulnerability in HP products An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. | 5.3 |
| 2017-09-30 | CVE-2017-13990 | Information Exposure vulnerability in HP products An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. | 5.3 |
| 2017-09-30 | CVE-2017-13989 | Unspecified vulnerability in HP products An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information. | 8.1 |
| 2017-09-30 | CVE-2017-13988 | Unspecified vulnerability in HP products An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function. | 6.5 |
| 2017-09-30 | CVE-2017-13987 | Unspecified vulnerability in HP products An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. | 6.5 |
| 2017-09-30 | CVE-2017-13986 | Cross-site Scripting vulnerability in HP products A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system. | 6.1 |
| 2017-09-30 | CVE-2017-13985 | Path Traversal vulnerability in HP BSM Platform Application Performance Management System Health 9.26/9.30/9.40 An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. | 6.5 |
| 2017-09-30 | CVE-2017-13984 | Improper Authentication vulnerability in HP BSM Platform Application Performance Management System Health 9.26/9.30/9.40 An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal. | 6.5 |
| 2017-09-30 | CVE-2017-13983 | Improper Authentication vulnerability in HP BSM Platform Application Performance Management System Health 9.26/9.30/9.40 An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. | 9.8 |
| 2017-09-30 | CVE-2017-13982 | Unrestricted Upload of File with Dangerous Type vulnerability in HP BSM Platform Application Performance Management System Health 9.26/9.30/9.40 A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | 8.8 |