Lucene search

[email protected]CVE-2015-6030

HistoryNov 04, 2015 - 3:59 a.m.

CVE-2015-6030

2015-11-0403:59:08

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-6030

arcsight logger

command center

connector appliance

privilege escalation

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.3%

JSON

HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.

Affected configurations

NVD

Node

hparcsight_connector_applianceRange≤6.4.0.6881.3

Node

hparcsight_loggerMatch6.0.0.7307.1

Node

hparcsight_command_centerMatch6.8.0.1896.0

Node

hparcsight_connectorsRange≤7.1.3

hparcsight_expressMatch4.0

hparcsight_expressMatch4.0p1

hparcsight_management_centerRange≤2.0p1

microfocusarcsight_enterprise_security_managerRange≤6.5

CPENameOperatorVersion
hp:arcsight_connector_appliancehp arcsight connector appliancele6.4.0.6881.3

CPE	Name	Operator	Version
hp:arcsight_connector_appliance	hp arcsight connector appliance	le	6.4.0.6881.3

References

www.kb.cert.org/vuls/id/842252

www.securitytracker.com/id/1034072

www.securitytracker.com/id/1034073

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2015-6030

prion1 cvelist1 nvd1 nessus1 cert1