CVE Vulnerabilities

CVE-2017-13988

Published: Sep 30, 2017 | Modified: Nov 07, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the follow schedule function.

Affected Software

Name Vendor Start Version End Version
Arcsight_enterprise_security_manager Hp 6.0 6.0
Arcsight_enterprise_security_manager Hp 6.0c 6.0c
Arcsight_enterprise_security_manager Hp 6.5 6.5
Arcsight_enterprise_security_manager Hp 6.5 6.5
Arcsight_enterprise_security_manager Hp 6.5c 6.5c
Arcsight_enterprise_security_manager Hp 6.5c 6.5c
Arcsight_enterprise_security_manager Hp 6.8 6.8
Arcsight_enterprise_security_manager Hp 6.8c 6.8c
Arcsight_enterprise_security_manager Hp 6.9.0c 6.9.0c
Arcsight_enterprise_security_manager Hp 6.9.1c 6.9.1c
Arcsight_enterprise_security_manager Hp 6.9.1c 6.9.1c
Arcsight_enterprise_security_manager Hp 6.9.1c 6.9.1c
Arcsight_enterprise_security_manager Hp 6.9.1c 6.9.1c
Arcsight_enterprise_security_manager Hp 6.11.0 6.11.0

References