CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9522
https://notcve.org/view.php?id=CVE-2020-9522
16 Jun 2020 — Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en el producto Micro Focus ArcSight Enterprise Security Manager (ESM), afectando a las versiones 7.0.x, 7.2 y 7.2.1. Las vulnerabilidades podrían ser explotadas remotamente, resultando en un at... • https://softwaresupport.softwaregrp.com/doc/KM03650888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2015-6030 – HP Security Bulletin HPSBGN03430 3
https://notcve.org/view.php?id=CVE-2015-6030
04 Nov 2015 — HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access. HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0 y ArcSight Connector Appliance 6.4.0.6881.3 utilizan la cuenta root para ejecutar archivos pertenecientes al usuario arcsight, lo que podría permitir a usuarios locales ob... • http://www.kb.cert.org/vuls/id/842252 • CWE-264: Permissions, Privileges, and Access Controls •