Vulnerabilities > Microfocus > Arcsight Enterprise Security Manager > 6.5

DATE	CVE	VULNERABILITY TITLE	RISK
2016-03-16	CVE-2016-1991	Arbitrary File Download vulnerability in HP ArcSight ESM and ArcSight ESM Express HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors. network microfocus	6.0
2016-03-16	CVE-2016-1990	Permissions, Privileges, and Access Controls vulnerability in Microfocus Arcsight Enterprise Security Manager HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors. local low complexity microfocus CWE-264	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.