CVE-2015-6030

Опубликовано: 04 нояб. 2015

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.

Ссылки

http://www.kb.cert.org/vuls/id/842252
Third Party Advisory
US Government Resource
http://www.securitytracker.com/id/1034072
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034073
Third Party Advisory
VDB Entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416
Third Party Advisory
http://www.kb.cert.org/vuls/id/842252
Third Party Advisory
US Government Resource
http://www.securitytracker.com/id/1034072
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034073
Third Party Advisory
VDB Entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hp:arcsight_connector_appliance:*:*:*:*:*:*:*:*

Версия до 6.4.0.6881.3 (включая)

Конфигурация 2

cpe:2.3:a:hp:arcsight_logger:6.0.0.7307.1:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:hp:arcsight_command_center:6.8.0.1896.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:hp:arcsight_connectors:*:*:*:*:*:*:*:*

Версия до 7.1.3 (включая)

cpe:2.3:a:hp:arcsight_express:4.0:*:*:*:*:*:*:*

cpe:2.3:a:hp:arcsight_express:4.0:p1:*:*:*:*:*:*

cpe:2.3:a:hp:arcsight_management_center:*:p1:*:*:*:*:*:*

Версия до 2.0 (включая)

cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:*:*:*:*:*:*:*:*

Версия до 6.5 (включая)

EPSS

Процентиль: 76%

0.00975

Низкий

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-8jfh-c5c9-f6fm

github

больше 3 лет назад