Описание
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5:sp1:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5c:sp1:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.0c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c:p1:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c:p2:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c:p3:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.11.0:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5:sp1:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5c:sp1:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.0:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c:p1:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c:p2:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c:p3:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.11.0:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.0026
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.
EPSS
Процентиль: 49%
0.0026
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-noinfo