exploitDog

CVE-2015-2902

Опубликовано: 04 нояб. 2015

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate.

Комментарий

CWE-295: Improper Certificate Validation

Ссылки

http://www.kb.cert.org/vuls/id/350508
Third Party Advisory
US Government Resource
http://www.securitytracker.com/id/1034078
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04850932
Vendor Advisory
http://www.kb.cert.org/vuls/id/350508
Third Party Advisory
US Government Resource
http://www.securitytracker.com/id/1034078
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04850932
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hp:arcsight_smartconnectors:*:*:*:*:*:*:*:*

Версия до 7.1.5 (включая)

EPSS

Процентиль: 76%

0.00949

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-qmrg-fwhw-r3r5

github

больше 3 лет назад

HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate.

EPSS

Процентиль: 76%

0.00949

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-310