Vulnerability Note VU#868948
HP ArcSight contains multiple vulnerabilities
HP ArcSight Logger and ESM contains multiple vulnerabilities.
CWE-434: Unrestricted Upload of File with Dangerous Type - CVE Pending
HP ArcSight Logger 126.96.36.19938.0 configuration import file upload capability does not sanitize file names, which allows a remote, authenticated attacker to put arbitrary files into the document root. This vulnerability may allow an attacker to execute arbitrary scripts on the server at the privilege level of the application.
These vulnerabilities may allow remote authenticated attackers to disrupt or modify resources on the system and potentially execute arbitrary scripts on the server.
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Hewlett-Packard Company||Affected||09 Sep 2014||12 Mar 2015|
CVSS Metrics (Learn More)
Thanks to Julian Horoszkiewicz for reporting this vulnerability.
This document was written by Chris King.
- CVE IDs: Unknown
- Date Public: 12 Mar 2015
- Date First Published: 17 Mar 2015
- Date Last Updated: 17 Mar 2015
- Document Revision: 17
If you have feedback, comments, or additional information about this vulnerability, please send us email.