CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
25.4%
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.
Vendor | Product | Version | CPE |
---|---|---|---|
hp | arcsight_enterprise_security_manager | 6.0 | cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0:*:*:*:*:*:*:* |
hp | arcsight_enterprise_security_manager | 6.0c | cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0c:*:*:*:*:*:*:* |
hp | arcsight_enterprise_security_manager | 6.5 | cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5:*:*:*:*:*:*:* |
hp | arcsight_enterprise_security_manager | 6.5 | cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5:sp1:*:*:*:*:*:* |
hp | arcsight_enterprise_security_manager | 6.5c | cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5c:*:*:*:*:*:*:* |
hp | arcsight_enterprise_security_manager | 6.5c | cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5c:sp1:*:*:*:*:*:* |
hp | arcsight_enterprise_security_manager | 6.8 | cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8:*:*:*:*:*:*:* |
hp | arcsight_enterprise_security_manager | 6.8c | cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8c:*:*:*:*:*:*:* |
hp | arcsight_enterprise_security_manager | 6.9.0c | cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.0c:*:*:*:*:*:*:* |
hp | arcsight_enterprise_security_manager | 6.9.1c | cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
25.4%