Vulnerability Note VU#842252
HP ArcSight Logger contains multiple vulnerabilities
HP ArcSight Logger contains multiple vulnerabilities, allowing authentication bypass and privilege escalation in certain scenarios.
CWE-285: Improper Authorization - CVE-2015-2136
A remote authenticated user without Logger Search permissions may be able to bypass authorization and perform searches via the SOAP interface.
An authenticated remote user without ArcSight Logger search privileges may be able to perform Logger searches. An unauthenticated remote user may be able to guess passwords by brute force without triggering any alerts. A user with arcsight credentials may be able to execute commands with root privileges.
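As an added illustration of the authorization-bypass pattern behind CVE-2015-2136 (constructed example, not ArcSight code): the search permission is enforced by one front end but forgotten by the SOAP one, and the fix is to make the check part of the search operation so every entry point inherits it. All class, function and permission names are assumptions made up for the demo.

```python
"""Added illustration (not ArcSight code) of the CWE-285 pattern behind CVE-2015-2136:
the web UI front end checks the 'Logger Search' permission but the SOAP front end
does not, so any authenticated user can search via SOAP. Names are constructed."""
from dataclasses import dataclass, field

SEARCH_PERMISSION = "logger.search"   # constructed permission name

@dataclass
class User:
    name: str
    permissions: set = field(default_factory=set)

def run_search(query: str) -> list:
    """Backend search with no access control of its own (the design mistake)."""
    events = ["auth failure from 10.0.0.5", "root login ok",
              "auth failure from 10.0.0.9"]             # constructed sample events
    return [e for e in events if query in e]

# --- vulnerable design: each front end must remember to authorize -----------
def ui_search_vulnerable(user: User, query: str) -> list:
    if SEARCH_PERMISSION not in user.permissions:
        raise PermissionError("Logger Search permission required")
    return run_search(query)

def soap_search_vulnerable(user: User, query: str) -> list:
    # Caller is authenticated, but the permission check was never added here.
    return run_search(query)

# --- fixed design: authorization is a property of the search operation ------
def authorized_search(user: User, query: str) -> list:
    if SEARCH_PERMISSION not in user.permissions:
        raise PermissionError("Logger Search permission required")
    return run_search(query)

def ui_search_fixed(user: User, query: str) -> list:
    return authorized_search(user, query)

def soap_search_fixed(user: User, query: str) -> list:
    return authorized_search(user, query)

def can_search(handler, user: User, query: str = "auth failure") -> bool:
    try:   # True if this front-end handler hands results to this user
        return len(handler(user, query)) > 0
    except PermissionError:
        return False

if __name__ == "__main__":
    viewer = User("viewer")                            # authenticated, no search right
    print(can_search(soap_search_vulnerable, viewer))  # True: authorization bypass
    print(can_search(soap_search_fixed, viewer))       # False
```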
Apply an update
Restrict access to the system and network
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
| --- | --- | --- | --- |
| Hewlett-Packard Company | Affected | 20 Jul 2015 | 08 Sep 2015 |
CVSS Metrics
Thanks to Hubert Mach and Julian Horoszkiewicz for reporting these issues to us.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2015-2136, CVE-2015-6029, CVE-2015-6030
- Date Public: 19 Oct 2015
- Date First Published: 19 Oct 2015
- Date Last Updated: 26 Oct 2015
- Document Revision: 52