Vulnerabilities > Microfocus > Arcsight Enterprise Security Manager > High

DATE CVE VULNERABILITY TITLE RISK
2016-03-16 CVE-2016-1991 Unspecified vulnerability in Microfocus Arcsight Enterprise Security Manager
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.
network
low complexity
microfocus
8.0
2016-03-16 CVE-2016-1990 Permissions, Privileges, and Access Controls vulnerability in Microfocus Arcsight Enterprise Security Manager
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
local
low complexity
microfocus CWE-264
7.8