CVE-2024-2835 – OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS
https://notcve.org/view.php?id=CVE-2024-2835
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited. Se ha identificado una vulnerabilidad de Cross Site Scripting Almacenado (XSS) en OpenText ArcSight Enterprise Security Manager y ArcSight Platform. La vulnerabilidad podría explotarse de forma remota. • https://portal.microfocus.com/s/article/KM000029773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-3482 – OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS
https://notcve.org/view.php?id=CVE-2024-3482
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited. Se ha identificado una vulnerabilidad de Cross Site Scripting Almacenado (XSS) en OpenText ArcSight Enterprise Security Manager y ArcSight Platform. La vulnerabilidad podría explotarse de forma remota. • https://portal.microfocus.com/s/article/KM000029773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-1991
https://notcve.org/view.php?id=CVE-2016-1991
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors. HPE ArcSight ESM 5.x en versiones anteriores a 5.6, 6.0, 6.5.x en versiones anteriores a 6.5C SP1 Patch 2 y 6.8c en versiones anteriores a P1 y ArcSight ESM Express en versiones anteriores a 6.9.1, permite a usuarios remotos autenticados llevar a cabo ataques de "descarga de archivo" no especificados a través de vectores desconocidos. • http://www.securitytracker.com/id/1035282 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05048452 •
CVE-2016-1990
https://notcve.org/view.php?id=CVE-2016-1990
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors. HPE ArcSight ESM 5.x en versiones anteriores a 5.6, 6.0, 6.5.x en versiones anteriores a 6.5C SP1 Patch 2 y 6.8c en versiones anteriores a P1 y ArcSight ESM Express en versiones anteriores a 6.9.1, permite a usuarios locales obtener privilegios para la ejecución de comandos a través de vectores no especificados. • http://www.securitytracker.com/id/1035282 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05048452 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-6030
https://notcve.org/view.php?id=CVE-2015-6030
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access. HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0 y ArcSight Connector Appliance 6.4.0.6881.3 utilizan la cuenta root para ejecutar archivos pertenecientes al usuario arcsight, lo que podría permitir a usuarios locales obtener privilegios mediante el aprovechamiento del acceso a la cuenta ArcSight. • http://www.kb.cert.org/vuls/id/842252 http://www.securitytracker.com/id/1034072 http://www.securitytracker.com/id/1034073 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416 • CWE-264: Permissions, Privileges, and Access Controls •