First published: Fri Sep 29 2017(Updated: )
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.
Credit: meissner@suse.de
Affected Software | Affected Version | How to fix |
---|---|---|
OpenText ArcSight Enterprise Security Manager | =6.0 | |
OpenText ArcSight Enterprise Security Manager | =6.0c | |
OpenText ArcSight Enterprise Security Manager | =6.5 | |
OpenText ArcSight Enterprise Security Manager | =6.5-sp1 | |
OpenText ArcSight Enterprise Security Manager | =6.5c | |
OpenText ArcSight Enterprise Security Manager | =6.5c-sp1 | |
OpenText ArcSight Enterprise Security Manager | =6.8 | |
OpenText ArcSight Enterprise Security Manager | =6.8c | |
OpenText ArcSight Enterprise Security Manager | =6.9.0c | |
OpenText ArcSight Enterprise Security Manager | =6.9.1c | |
OpenText ArcSight Enterprise Security Manager | =6.9.1c-p1 | |
OpenText ArcSight Enterprise Security Manager | =6.9.1c-p2 | |
OpenText ArcSight Enterprise Security Manager | =6.9.1c-p3 | |
OpenText ArcSight Enterprise Security Manager | =6.11.0 | |
Hp Arcsight Enterprise Security Manager Express | =6.0 | |
Hp Arcsight Enterprise Security Manager Express | =6.0c | |
Hp Arcsight Enterprise Security Manager Express | =6.5 | |
Hp Arcsight Enterprise Security Manager Express | =6.5-sp1 | |
Hp Arcsight Enterprise Security Manager Express | =6.5c | |
Hp Arcsight Enterprise Security Manager Express | =6.5c-sp1 | |
Hp Arcsight Enterprise Security Manager Express | =6.8 | |
Hp Arcsight Enterprise Security Manager Express | =6.8c | |
Hp Arcsight Enterprise Security Manager Express | =6.9.0 | |
Hp Arcsight Enterprise Security Manager Express | =6.9.1c | |
Hp Arcsight Enterprise Security Manager Express | =6.9.1c-p1 | |
Hp Arcsight Enterprise Security Manager Express | =6.9.1c-p2 | |
Hp Arcsight Enterprise Security Manager Express | =6.9.1c-p3 | |
Hp Arcsight Enterprise Security Manager Express | =6.11.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-13989 is classified as medium due to inadequate access controls allowing unauthorized access to sensitive data.
To fix CVE-2017-13989, upgrade to ArcSight ESM 6.9.1c Patch 4 or ArcSight ESM 6.11.0 Patch 1 or later.
CVE-2017-13989 affects ArcSight ESM and ArcSight ESM Express versions prior to 6.9.1c Patch 4 and 6.11.0 Patch 1.
CVE-2017-13989 is an improper access control vulnerability that allows unauthorized users to retrieve or modify storage information.
As of now, there are no public exploits specifically targeting CVE-2017-13989.