CVE-2015-6030
First published: Wed Nov 04 2015(Updated: )
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP ArcSight Connector appliance | <=6.4.0.6881.3 | |
| HP ArcSight Logger | =6.0.0.7307.1 | |
| Hp Arcsight Command Center | =6.8.0.1896.0 | |
| Hp Arcsight Connectors | <=7.1.3 | |
| Hp Arcsight Express | =4.0 | |
| Hp Arcsight Express | =4.0-p1 | |
| Hp Arcsight Management Center | <=2.0 | |
| Microfocus Arcsight Enterprise Security Manager | <=6.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/weakness
- agent/description
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/hp
- canonical/hp arcsight connector appliance
- version/hp arcsight connector appliance/6.4.0.6881.3
- canonical/hp arcsight logger
- version/hp arcsight logger/6.0.0.7307.1
- canonical/hp arcsight command center
- version/hp arcsight command center/6.8.0.1896.0
- canonical/hp arcsight connectors
- version/hp arcsight connectors/7.1.3
- canonical/hp arcsight express
- version/hp arcsight express/4.0
- version/hp arcsight express/4.0-p1
- canonical/hp arcsight management center
- version/hp arcsight management center/2.0
- vendor/microfocus
- canonical/microfocus arcsight enterprise security manager
- version/microfocus arcsight enterprise security manager/6.5