PT-2017-13182 · Micro Focus · Arcsight Esm Express+1
Publicado
2017-09-29
·
Atualizado
2019-10-03
·
CVE-2017-13988
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
ArcSight ESM versions prior to 6.9.1c Patch 4
ArcSight ESM versions prior to 6.11.0 Patch 1
ArcSight ESM Express versions prior to 6.9.1c Patch 4
ArcSight ESM Express versions prior to 6.11.0 Patch 1
Description
The issue is related to improper access control, allowing unauthorized users to modify settings such as the maximum size of storage groups and the 'follow schedule' function.
Recommendations
For ArcSight ESM versions prior to 6.9.1c Patch 4, update to 6.9.1c Patch 4 or later.
For ArcSight ESM versions prior to 6.11.0 Patch 1, update to 6.11.0 Patch 1 or later.
For ArcSight ESM Express versions prior to 6.9.1c Patch 4, update to 6.9.1c Patch 4 or later.
For ArcSight ESM Express versions prior to 6.11.0 Patch 1, update to 6.11.0 Patch 1 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Arcsight Esm
Arcsight Esm Express