Hp Arcsight Management Center vulnerabilities

7 known vulnerabilities affecting hp/arcsight_management_center.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2019-3486MEDIUMCVSS 6.1fixed in 2.9.12019-07-25
CVE-2019-3486 [MEDIUM] CWE-79 CVE-2019-3486: Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1
nvd
CVE-2018-6500HIGHCVSS 7.5fixed in 2.812018-09-20
CVE-2018-6500 [HIGH] CWE-22 CVE-2018-6500: A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Ce A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal.
nvd
CVE-2018-6505HIGHCVSS 7.5fixed in 2.812018-09-20
CVE-2018-6505 [HIGH] CVE-2018-6505: A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management C A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.
nvd
CVE-2018-6503MEDIUMCVSS 6.5fixed in 2.812018-09-20
CVE-2018-6503 [MEDIUM] CVE-2018-6503: A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) i A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls.
nvd
CVE-2018-6502MEDIUMCVSS 6.1fixed in 2.812018-09-20
CVE-2018-6502 [MEDIUM] CWE-79 CVE-2018-6502: A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSi A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS).
nvd
CVE-2018-6501MEDIUMCVSS 6.5fixed in 2.812018-09-20
CVE-2018-6501 [MEDIUM] CVE-2018-6501: Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Man Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls.
nvd
CVE-2015-6030HIGHCVSS 7.2≤ 2.02015-11-04
CVE-2015-6030 [HIGH] CWE-264 CVE-2015-6030: HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Applia HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
nvd