PT-2017-13181 · Micro Focus · Arcsight Esm Express+1

Published

2017-09-29

Updated

2019-10-03

CVE-2017-13987

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ArcSight ESM versions prior to 6.9.1c Patch 4 ArcSight ESM versions prior to 6.11.0 Patch 1 ArcSight ESM Express versions prior to 6.9.1c Patch 4 ArcSight ESM Express versions prior to 6.11.0 Patch 1

Description The issue is related to insufficient access control, allowing unauthorized users to download log files.

Recommendations For ArcSight ESM versions prior to 6.9.1c Patch 4, update to 6.9.1c Patch 4 or later. For ArcSight ESM versions prior to 6.11.0 Patch 1, update to 6.11.0 Patch 1 or later. For ArcSight ESM Express versions prior to 6.9.1c Patch 4, update to 6.9.1c Patch 4 or later. For ArcSight ESM Express versions prior to 6.11.0 Patch 1, update to 6.11.0 Patch 1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-13987

Affected Products

Arcsight Esm

Arcsight Esm Express

PT-2017-13181 · Micro Focus · Arcsight Esm Express+1

CVE-2017-13987

Related Identifiers

Affected Products

References · 4