CVE-2020-9522
https://notcve.org/view.php?id=CVE-2020-9522
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en el producto Micro Focus ArcSight Enterprise Security Manager (ESM), afectando a las versiones 7.0.x, 7.2 y 7.2.1. Las vulnerabilidades podrían ser explotadas remotamente, resultando en un ataque de tipo Cross-Site Scripting (XSS) o una divulgación de información • https://softwaresupport.softwaregrp.com/doc/KM03650888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-6030
https://notcve.org/view.php?id=CVE-2015-6030
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access. HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0 y ArcSight Connector Appliance 6.4.0.6881.3 utilizan la cuenta root para ejecutar archivos pertenecientes al usuario arcsight, lo que podría permitir a usuarios locales obtener privilegios mediante el aprovechamiento del acceso a la cuenta ArcSight. • http://www.kb.cert.org/vuls/id/842252 http://www.securitytracker.com/id/1034072 http://www.securitytracker.com/id/1034073 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416 • CWE-264: Permissions, Privileges, and Access Controls •