CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6503 – MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2018-6503
A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls. Se ha identificado una vulnerabilidad potencial de control de acceso en ArcSight Management Center (ArcMC) en todas las versiones anteriores a la 2.81. La vulnerabilidad podría ser explotada para permitir controles de acceso vulnerables. • https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6502 – MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2018-6502
A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS). Se ha identificado una vulnerabilidad de seguridad potencial de Cross-Site Scripting (XSS) reflejado en ArcSight Management Center (ArcMC) en todas las versiones anteriores a la 2.81. Esta vulnerabilidad podría explotarse para permitir Cross-Site Scripting (XSS) reflejado. • https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6501
https://notcve.org/view.php?id=CVE-2018-6501
Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls. Se ha identificado una vulnerabilidad potencial de seguridad de controles de acceso insuficientes en ArcSight Management Center (ArcMC) en versiones anteriores a la 2.81. La vulnerabilidad podría ser explotada para permitir controles de acceso insuficientes. • https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6500 – MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2018-6500
A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal. Se ha identificado una vulnerabilidad de salto de directorio en ArcSight Management Center (ArcMC) en todas las versiones anteriores a la 2.81. La vulnerabilidad se podría explotar de forma remota para permitir un salto de directorio. • https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 15%CPEs: 14EXPL: 0CVE-2018-7114 – Hewlett Packard Enterprise Intelligent Management Center dbman decryptMsgAes Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7114
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions. HPE Intelligent Management Center (IMC) en versiones anteriores a IMC PLAT 7.3 (E0605P06) es vulnerable a un desbordamiento de búfer remoto en dbman que conduce a una ejecución de código. El problema se ha resuelto en IMC PLAT 7.3 E0605P06 o en versiones posteriores. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. • http://www.securityfocus.com/bid/106211 http://www.securitytracker.com/id/1042182 https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03906en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03906en_us • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •