CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38127
https://notcve.org/view.php?id=CVE-2021-38127
14 Jan 2022 — Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). Se han identificado posibles vulnerabilidades en Micro Focus ArcSight Enterprise Security Manager, afectando las versiones 7.4.x y 7.5.x. Las vulnerabilidades podrían ser explotadas de forma remota resultando en ataques de tipo Cross-Site Scripting (XSS) • https://portal.microfocus.com/s/article/KM000003453?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38126
https://notcve.org/view.php?id=CVE-2021-38126
14 Jan 2022 — Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). Se han identificado posibles vulnerabilidades en Micro Focus ArcSight Enterprise Security Manager, afectando las versiones 7.4.x y 7.5.x. Las vulnerabilidades podrían ser explotadas de forma remota resultando en ataques de tipo Cross-Site Scripting (XSS) • https://portal.microfocus.com/s/article/KM000003453?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2021-38124
https://notcve.org/view.php?id=CVE-2021-38124
28 Sep 2021 — Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution. Una vulnerabilidad de ejecución de código remota en el producto Micro Focus ArcSight Enterprise Security Manager (ESM), que afecta a las versiones 7.0.2 hasta 7.5. La vulnerabilidad podría ser explotada resultando en una ejecución de código remota • https://portal.microfocus.com/s/article/KM000001960 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9522
https://notcve.org/view.php?id=CVE-2020-9522
16 Jun 2020 — Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en el producto Micro Focus ArcSight Enterprise Security Manager (ESM), afectando a las versiones 7.0.x, 7.2 y 7.2.1. Las vulnerabilidades podrían ser explotadas remotamente, resultando en un at... • https://softwaresupport.softwaregrp.com/doc/KM03650888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1990 – HP Security Bulletin HPSBGN03556 1
https://notcve.org/view.php?id=CVE-2016-1990
15 Mar 2016 — HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors. HPE ArcSight ESM 5.x en versiones anteriores a 5.6, 6.0, 6.5.x en versiones anteriores a 6.5C SP1 Patch 2 y 6.8c en versiones anteriores a P1 y ArcSight ESM Express en versiones anteriores a 6.9.1, permite a usuarios locales obtener privilegios para la ejecución de comandos a través de vectores no ... • http://www.securitytracker.com/id/1035282 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1991 – HP Security Bulletin HPSBGN03556 1
https://notcve.org/view.php?id=CVE-2016-1991
15 Mar 2016 — HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors. HPE ArcSight ESM 5.x en versiones anteriores a 5.6, 6.0, 6.5.x en versiones anteriores a 6.5C SP1 Patch 2 y 6.8c en versiones anteriores a P1 y ArcSight ESM Express en versiones anteriores a 6.9.1, permite a usuarios remotos autenticados llevar a cabo ataques de "descarga de archiv... • http://www.securitytracker.com/id/1035282 •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2015-6030 – HP Security Bulletin HPSBGN03430 3
https://notcve.org/view.php?id=CVE-2015-6030
04 Nov 2015 — HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access. HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0 y ArcSight Connector Appliance 6.4.0.6881.3 utilizan la cuenta root para ejecutar archivos pertenecientes al usuario arcsight, lo que podría permitir a usuarios locales ob... • http://www.kb.cert.org/vuls/id/842252 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7885 – HP Security Bulletin HPSBGN03249 1
https://notcve.org/view.php?id=CVE-2014-7885
13 Mar 2015 — Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors. Múltiples vulnerabilidades no especificadas en HP ArcSight Enterprise Security Manager (ESM) anterior a 6.8c tienen un impacto desconocido y vectores de ataques remotos. Potential security vulnerabilities has been identified with HP ArcSight Enterprise Security Manager (ESM) and HP ArcSight Logger. These vulnerabilities could be exploited remotely resulting in mult... • http://www.kb.cert.org/vuls/id/868948 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4815 – HP Security Bulletin HPSBGN02923
https://notcve.org/view.php?id=CVE-2013-4815
20 Sep 2013 — Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en el interfaz web en HP ArcSight Enterprise Security Manager (ESM) anterior a v5.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. A potential security vulnerability has been identified with HP ArcSight Enter... • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03901176 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •