CVE-2015-6030
Severity Score
7.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0 y ArcSight Connector Appliance 6.4.0.6881.3 utilizan la cuenta root para ejecutar archivos pertenecientes al usuario arcsight, lo que podrĂa permitir a usuarios locales obtener privilegios mediante el aprovechamiento del acceso a la cuenta ArcSight.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-08-14 CVE Reserved
- 2015-11-04 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/842252 | Third Party Advisory |
|
| http://www.securitytracker.com/id/1034072 | Third Party Advisory | |
| http://www.securitytracker.com/id/1034073 | Third Party Advisory | |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hp Search vendor "Hp" | Arcsight Connector Appliance Search vendor "Hp" for product "Arcsight Connector Appliance" | <= 6.4.0.6881.3 Search vendor "Hp" for product "Arcsight Connector Appliance" and version " <= 6.4.0.6881.3" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Arcsight Logger Search vendor "Hp" for product "Arcsight Logger" | 6.0.0.7307.1 Search vendor "Hp" for product "Arcsight Logger" and version "6.0.0.7307.1" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Arcsight Command Center Search vendor "Hp" for product "Arcsight Command Center" | 6.8.0.1896.0 Search vendor "Hp" for product "Arcsight Command Center" and version "6.8.0.1896.0" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Arcsight Connectors Search vendor "Hp" for product "Arcsight Connectors" | <= 7.1.3 Search vendor "Hp" for product "Arcsight Connectors" and version " <= 7.1.3" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Arcsight Express Search vendor "Hp" for product "Arcsight Express" | 4.0 Search vendor "Hp" for product "Arcsight Express" and version "4.0" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Arcsight Express Search vendor "Hp" for product "Arcsight Express" | 4.0 Search vendor "Hp" for product "Arcsight Express" and version "4.0" | p1 |
Affected
| ||||||
| Hp Search vendor "Hp" | Arcsight Management Center Search vendor "Hp" for product "Arcsight Management Center" | <= 2.0 Search vendor "Hp" for product "Arcsight Management Center" and version " <= 2.0" | p1 |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Arcsight Enterprise Security Manager Search vendor "Microfocus" for product "Arcsight Enterprise Security Manager" | <= 6.5 Search vendor "Microfocus" for product "Arcsight Enterprise Security Manager" and version " <= 6.5" | - |
Affected
| ||||||