Jefferson Ogata

#19333of 53,635
13.7Total CVSS
Vulnerabilities · 2
Medium
2
PT-2015-5963
6.8
2015-11-04
Hewlett Packard · Hp Arcsight Smartconnectors · CVE-2015-2902
**Name of the Vulnerable Software and Affected Versions** HP ArcSight SmartConnectors versions prior to 7.1.6 **Description** The issue allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate, as HP ArcSight SmartConnectors do not verify X.509 certificates from Logger devices. **Recommendations** For versions prior to 7.1.6, update to version 7.1.6 or later to resolve the issue.
PT-2015-5964
6.9
2015-11-04
Hewlett Packard · Hp Arcsight Smartconnectors · CVE-2015-2903
**Name of the Vulnerable Software and Affected Versions** HP ArcSight SmartConnectors versions prior to 7.1.6 **Description** The issue concerns a hardcoded password in the CWSAPI SOAP service, which can be exploited by remote attackers to gain administrative access. **Recommendations** For versions prior to 7.1.6, update to version 7.1.6 or later to resolve the issue.