CVE-2015-6030

CWE-2643 documents3 sources

Severity

7.2HIGH

EPSS

0.1%

top 67.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Arcsight Connector Appliance HP Arcsight Connectors HP Arcsight Management Center +4 more

Timeline

PublishedNov 4

Latest updateMay 14

Description

HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages7 packages

▶NVDhp/arcsight_connector_appliance6.4.0.6881.3

▶NVDhp/arcsight_command_center6.8.0.1896.0

▶NVDhp/arcsight_connectors7.1.3

▶NVDhp/arcsight_management_center2.0

▶NVDhp/arcsight_logger6.0.0.7307.1

🔴Vulnerability Details

GHSA

GHSA-8jfh-c5c9-f6fm: HP ArcSight Logger 6↗2022-05-14

▶

CVEList

CVE-2015-6030: HP ArcSight Logger 6↗2015-11-04

▶