PT-2016-4949 · Hewlett Packard · Hp Arcsight Esm+1

Published

2016-03-16

Updated

2018-10-17

CVE-2016-1991

CVSS v3.1

8.0

High

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HPE ArcSight ESM versions 5.x through 5.5 HPE ArcSight ESM version 6.0 HPE ArcSight ESM versions 6.5.x through 6.5C SP1 Patch 1 HPE ArcSight ESM version 6.8c before P1 HPE ArcSight ESM Express version prior to 6.9.1

Description The issue allows remote authenticated users to conduct file download attacks.

Recommendations For HPE ArcSight ESM versions 5.x through 5.5, update to version 5.6 or later. For HPE ArcSight ESM version 6.0, update to a later version. For HPE ArcSight ESM versions 6.5.x through 6.5C SP1 Patch 1, update to 6.5C SP1 Patch 2 or later. For HPE ArcSight ESM version 6.8c before P1, update to 6.8c P1 or later. For HPE ArcSight ESM Express version prior to 6.9.1, update to version 6.9.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2016-1991

Affected Products

Hp Arcsight Esm

Arcsight Esm Express

PT-2016-4949 · Hewlett Packard · Hp Arcsight Esm+1

CVE-2016-1991

Related Identifiers

Affected Products

References · 4