Microfocus Arcsight Enterprise Security Manager vulnerabilities

8 known vulnerabilities affecting microfocus/arcsight_enterprise_security_manager.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH3MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2021-38127MEDIUMCVSS 6.1v7.4v7.52022-01-14
CVE-2021-38127 [MEDIUM] CWE-79 CVE-2021-38127: Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).
nvd
CVE-2021-38126MEDIUMCVSS 6.1v7.4v7.52022-01-14
CVE-2021-38126 [MEDIUM] CWE-79 CVE-2021-38126: Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).
nvd
CVE-2021-38124CRITICALCVSS 9.8≥ 7.0.2, ≤ 7.52021-09-28
CVE-2021-38124 [CRITICAL] CWE-77 CVE-2021-38124: Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) produc Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution.
nvd
CVE-2016-1991HIGHCVSS 8.0≥ 5.0, ≤ 5.6v6.0+3 more2016-03-16
CVE-2016-1991 [HIGH] CVE-2016-1991: HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSigh HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.
nvd
CVE-2016-1990HIGHCVSS 7.8≤ 5.6v6.0+3 more2016-03-16
CVE-2016-1990 [HIGH] CWE-264 CVE-2016-1990: HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSigh HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
nvd
CVE-2015-6030HIGHCVSS 7.2≤ 6.52015-11-04
CVE-2015-6030 [HIGH] CWE-264 CVE-2015-6030: HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Applia HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
nvd
CVE-2014-7885CRITICALCVSS 10.0≤ 6.5c2015-03-14
CVE-2014-7885 [CRITICAL] CVE-2014-7885: Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c ha Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors.
nvd
CVE-2013-4815MEDIUMCVSS 4.3≤ 5.22013-09-20
CVE-2013-4815 [MEDIUM] CWE-79 CVE-2013-4815: Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Man Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd