HP ArcSight Logger and ESM contains multiple vulnerabilities.
CWE-434: Unrestricted Upload of File with Dangerous Type - CVE Pending
HP ArcSight Logger 126.96.36.19938.0 configuration import file upload capability does not sanitize file names, which allows a remote, authenticated attacker to put arbitrary files into the document root. This vulnerability may allow an attacker to execute arbitrary scripts on the server at the privilege level of the application.
These vulnerabilities may allow remote authenticated attackers to disrupt or modify resources on the system and potentially execute arbitrary scripts on the server.
Apply an Update
Thanks to Julian Horoszkiewicz for reporting this vulnerability.
This document was written by Chris King.
|Date First Published:||2015-03-17|
|Date Last Updated:||2015-03-17 19:04 UTC|