CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38127
https://notcve.org/view.php?id=CVE-2021-38127
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). Se han identificado posibles vulnerabilidades en Micro Focus ArcSight Enterprise Security Manager, afectando las versiones 7.4.x y 7.5.x. Las vulnerabilidades podrían ser explotadas de forma remota resultando en ataques de tipo Cross-Site Scripting (XSS) • https://portal.microfocus.com/s/article/KM000003453?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38126
https://notcve.org/view.php?id=CVE-2021-38126
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). Se han identificado posibles vulnerabilidades en Micro Focus ArcSight Enterprise Security Manager, afectando las versiones 7.4.x y 7.5.x. Las vulnerabilidades podrían ser explotadas de forma remota resultando en ataques de tipo Cross-Site Scripting (XSS) • https://portal.microfocus.com/s/article/KM000003453?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-38124
https://notcve.org/view.php?id=CVE-2021-38124
Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution. Una vulnerabilidad de ejecución de código remota en el producto Micro Focus ArcSight Enterprise Security Manager (ESM), que afecta a las versiones 7.0.2 hasta 7.5. La vulnerabilidad podría ser explotada resultando en una ejecución de código remota • https://portal.microfocus.com/s/article/KM000001960 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9522
https://notcve.org/view.php?id=CVE-2020-9522
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en el producto Micro Focus ArcSight Enterprise Security Manager (ESM), afectando a las versiones 7.0.x, 7.2 y 7.2.1. Las vulnerabilidades podrían ser explotadas remotamente, resultando en un ataque de tipo Cross-Site Scripting (XSS) o una divulgación de información • https://softwaresupport.softwaregrp.com/doc/KM03650888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1991
https://notcve.org/view.php?id=CVE-2016-1991
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors. HPE ArcSight ESM 5.x en versiones anteriores a 5.6, 6.0, 6.5.x en versiones anteriores a 6.5C SP1 Patch 2 y 6.8c en versiones anteriores a P1 y ArcSight ESM Express en versiones anteriores a 6.9.1, permite a usuarios remotos autenticados llevar a cabo ataques de "descarga de archivo" no especificados a través de vectores desconocidos. • http://www.securitytracker.com/id/1035282 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05048452 •