An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the follow schedule function.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Arcsight_enterprise_security_manager | Hp | 6.0 | 6.0 |
Arcsight_enterprise_security_manager | Hp | 6.0c | 6.0c |
Arcsight_enterprise_security_manager | Hp | 6.5 | 6.5 |
Arcsight_enterprise_security_manager | Hp | 6.5 | 6.5 |
Arcsight_enterprise_security_manager | Hp | 6.5c | 6.5c |
Arcsight_enterprise_security_manager | Hp | 6.5c | 6.5c |
Arcsight_enterprise_security_manager | Hp | 6.8 | 6.8 |
Arcsight_enterprise_security_manager | Hp | 6.8c | 6.8c |
Arcsight_enterprise_security_manager | Hp | 6.9.0c | 6.9.0c |
Arcsight_enterprise_security_manager | Hp | 6.9.1c | 6.9.1c |
Arcsight_enterprise_security_manager | Hp | 6.9.1c | 6.9.1c |
Arcsight_enterprise_security_manager | Hp | 6.9.1c | 6.9.1c |
Arcsight_enterprise_security_manager | Hp | 6.9.1c | 6.9.1c |
Arcsight_enterprise_security_manager | Hp | 6.11.0 | 6.11.0 |