Vulnerabilities > Microfocus > Arcsight Enterprise Security Manager

DATE CVE VULNERABILITY TITLE RISK
2022-01-14 CVE-2021-38126 Cross-site Scripting vulnerability in Microfocus Arcsight Enterprise Security Manager 7.4/7.5
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x.
network
low complexity
microfocus CWE-79
6.1
6.1
2022-01-14 CVE-2021-38127 Cross-site Scripting vulnerability in Microfocus Arcsight Enterprise Security Manager 7.4/7.5
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x.
network
low complexity
microfocus CWE-79
6.1
6.1
2021-09-28 CVE-2021-38124 Command Injection vulnerability in Microfocus Arcsight Enterprise Security Manager 7.4/7.5
Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5.
network
low complexity
microfocus CWE-77
critical
 9.8
9.8
2016-03-16 CVE-2016-1991 Arbitrary File Download vulnerability in HP ArcSight ESM and ArcSight ESM Express
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.
network
microfocus
6.0
6.0
2016-03-16 CVE-2016-1990 Permissions, Privileges, and Access Controls vulnerability in Microfocus Arcsight Enterprise Security Manager
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
local
low complexity
microfocus CWE-264
4.3
4.3
2015-11-04 CVE-2015-6030 Permissions, Privileges, and Access Controls vulnerability in multiple products
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
local
low complexity
hp microfocus CWE-264
7.2
7.2
2015-03-14 CVE-2014-7885 Unspecified vulnerability in Microfocus Arcsight Enterprise Security Manager
Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors.
network
low complexity
microfocus
critical
 10.0
10
2013-09-20 CVE-2013-4815 Cross-Site Scripting vulnerability in Microfocus Arcsight Enterprise Security Manager
Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
microfocus CWE-79
4.3
4.3