CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32267 – OpenText / Micro Focus ArcSight Management Center Remote Vulnerability
https://notcve.org/view.php?id=CVE-2023-32267
11 Aug 2023 — A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited. Se ha identificado una vulnerabilidad potencial en ArcSight Management Center de OpenText y Micro Focus. La vulnerabilidad podría ser explotada de forma remota. • https://portal.microfocus.com/s/article/KM000020296?language=en_US •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11848
https://notcve.org/view.php?id=CVE-2020-11848
19 Aug 2020 — Denial of service vulnerability on Micro Focus ArcSight Management Center. Affecting all versions prior to version 2.9.5. The vulnerability could cause the server to become unavailable, causing a denial of service. Vulnerabilidad de Denegación de Servicio en Micro Focus ArcSight Management Center. Afectando a todas las versiones anteriores a 2.9.5. • https://community.microfocus.com/t5/ArcSight-Management-Center-ArcMC/ArcSight-Management-Center-2-9-5-Release-Notes/ta-p/2814648 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3486 – ArcSight Security Management Center stored cross site script issue in version prior to 2.9.1
https://notcve.org/view.php?id=CVE-2019-3486
25 Jul 2019 — Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1 Mitiga un problema de Cross-Site Scripting (XSS) persistente en ArcSight Security Management Center en versiones anteriores a la 2.9.1. • https://community.microfocus.com/t5/ArcSight-Management-Center-ArcMC/ArcSight-Management-Center-2-91-Release-Notes/ta-p/1790266?attachment-id=74671 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6503 – MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2018-6503
20 Sep 2018 — A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls. Se ha identificado una vulnerabilidad potencial de control de acceso en ArcSight Management Center (ArcMC) en todas las versiones anteriores a la 2.81. La vulnerabilidad podría ser explotada para permitir controles de acceso vulnerables. • https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6502 – MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2018-6502
20 Sep 2018 — A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS). Se ha identificado una vulnerabilidad de seguridad potencial de Cross-Site Scripting (XSS) reflejado en ArcSight Management Center (ArcMC) en todas las versiones anteriores a la 2.81. Esta vulnerabilidad podría explotarse para permitir Cross-Site Scripting (XSS)... • https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6505 – MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2018-6505
20 Sep 2018 — A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads. Se ha identificado una vulnerabilidad potencial de descarga de archivos en ArcSight Management Center (ArcMC) en todas las versiones anteriores a la 2.81. La vulnerabilidad podría ser explotada para permitir descargas no de archivos sin autenticación. • https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6504 – MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2018-6504
20 Sep 2018 — A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF). Se ha identificado una vulnerabilidad potencial de Cross-Site Request Forgery (CSRF) en ArcSight Management Center (ArcMC) en todas las versiones anteriores a la 2.81. Esta vulnerabilidad podría explotarse para permitir Cross-Site Request Forgery (CSRF). • https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6501
https://notcve.org/view.php?id=CVE-2018-6501
20 Sep 2018 — Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls. Se ha identificado una vulnerabilidad potencial de seguridad de controles de acceso insuficientes en ArcSight Management Center (ArcMC) en versiones anteriores a la 2.81. La vulnerabilidad podría ser explotada para permitir controles de acceso insuficientes. • https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6500 – MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2018-6500
20 Sep 2018 — A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal. Se ha identificado una vulnerabilidad de salto de directorio en ArcSight Management Center (ArcMC) en todas las versiones anteriores a la 2.81. La vulnerabilidad se podría explotar de forma remota para permitir un salto de directorio. • https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-6030 – HP Security Bulletin HPSBGN03430 3
https://notcve.org/view.php?id=CVE-2015-6030
04 Nov 2015 — HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access. HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0 y ArcSight Connector Appliance 6.4.0.6881.3 utilizan la cuenta root para ejecutar archivos pertenecientes al usuario arcsight, lo que podría permitir a usuarios locales ob... • http://www.kb.cert.org/vuls/id/842252 • CWE-264: Permissions, Privileges, and Access Controls •