What is the severity of CVE-2017-14357?

CVE-2017-14357 has a severity rating that indicates a medium level of risk due to its potential for Cross-Site Scripting (XSS) attacks.

How do I fix CVE-2017-14357?

To fix CVE-2017-14357, you should update HP ArcSight ESM or HP ArcSight ESM Express to versions 6.9.1c Patch 4 or 6.11.0 Patch 1 or later.

What are the affected versions for CVE-2017-14357?

CVE-2017-14357 affects any version of HP ArcSight ESM and HP ArcSight ESM Express prior to 6.9.1c Patch 4 or 6.11.0 Patch 1.

Can CVE-2017-14357 be exploited remotely?

Yes, CVE-2017-14357 can be exploited remotely through reflected and stored Cross-Site Scripting (XSS) vulnerabilities.

What is the nature of the vulnerability in CVE-2017-14357?

CVE-2017-14357 is a Reflected and Stored Cross-Site Scripting (XSS) vulnerability that can allow attackers to inject malicious scripts.

Vulnerability/
CVE-2017-14357

medium

6.1

CWE

31/10/2017

17/9/2024

CVE-2017-14357: XSS

First published: Tue Oct 31 2017(Updated: )

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS)

Credit: meissner@suse.de

Affected Software	Affected Version	How to fix
HP Enterprise Security Manager	=6.0
HP Enterprise Security Manager	=6.0c
HP Enterprise Security Manager	=6.5
HP Enterprise Security Manager	=6.5-sp1
HP Enterprise Security Manager	=6.5c
HP Enterprise Security Manager	=6.5c-sp1
HP Enterprise Security Manager	=6.8
HP Enterprise Security Manager	=6.8c
HP Enterprise Security Manager	=6.9.0c
HP Enterprise Security Manager	=6.9.1c
HP Enterprise Security Manager	=6.9.1c-p1
HP Enterprise Security Manager	=6.9.1c-p2
HP Enterprise Security Manager	=6.9.1c-p3
HP Enterprise Security Manager	=6.11.0
Hewlett Packard Enterprise Security Manager Express	=6.0
Hewlett Packard Enterprise Security Manager Express	=6.0c
Hewlett Packard Enterprise Security Manager Express	=6.5
Hewlett Packard Enterprise Security Manager Express	=6.5-sp1
Hewlett Packard Enterprise Security Manager Express	=6.5c
Hewlett Packard Enterprise Security Manager Express	=6.5c-sp1
Hewlett Packard Enterprise Security Manager Express	=6.8
Hewlett Packard Enterprise Security Manager Express	=6.8c
Hewlett Packard Enterprise Security Manager Express	=6.9.0
Hewlett Packard Enterprise Security Manager Express	=6.9.0c
Hewlett Packard Enterprise Security Manager Express	=6.9.1c
Hewlett Packard Enterprise Security Manager Express	=6.9.1c-p1
Hewlett Packard Enterprise Security Manager Express	=6.9.1c-p2
Hewlett Packard Enterprise Security Manager Express	=6.9.1c-p3
Hewlett Packard Enterprise Security Manager Express	=6.11.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-14357?
CVE-2017-14357 has a severity rating that indicates a medium level of risk due to its potential for Cross-Site Scripting (XSS) attacks.
How do I fix CVE-2017-14357?
To fix CVE-2017-14357, you should update HP ArcSight ESM or HP ArcSight ESM Express to versions 6.9.1c Patch 4 or 6.11.0 Patch 1 or later.
What are the affected versions for CVE-2017-14357?
CVE-2017-14357 affects any version of HP ArcSight ESM and HP ArcSight ESM Express prior to 6.9.1c Patch 4 or 6.11.0 Patch 1.
Can CVE-2017-14357 be exploited remotely?
Yes, CVE-2017-14357 can be exploited remotely through reflected and stored Cross-Site Scripting (XSS) vulnerabilities.
What is the nature of the vulnerability in CVE-2017-14357?
CVE-2017-14357 is a Reflected and Stored Cross-Site Scripting (XSS) vulnerability that can allow attackers to inject malicious scripts.

agent/references
agent/type
agent/severity
agent/weakness
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/hp
canonical/hp enterprise security manager
version/hp enterprise security manager/6.0
version/hp enterprise security manager/6.0c
version/hp enterprise security manager/6.5
version/hp enterprise security manager/6.5-sp1
version/hp enterprise security manager/6.5c
version/hp enterprise security manager/6.5c-sp1
version/hp enterprise security manager/6.8
version/hp enterprise security manager/6.8c
version/hp enterprise security manager/6.9.0c
version/hp enterprise security manager/6.9.1c
version/hp enterprise security manager/6.9.1c-p1
version/hp enterprise security manager/6.9.1c-p2
version/hp enterprise security manager/6.9.1c-p3
version/hp enterprise security manager/6.11.0
canonical/hewlett packard enterprise security manager express
version/hewlett packard enterprise security manager express/6.0
version/hewlett packard enterprise security manager express/6.0c
version/hewlett packard enterprise security manager express/6.5
version/hewlett packard enterprise security manager express/6.5-sp1
version/hewlett packard enterprise security manager express/6.5c
version/hewlett packard enterprise security manager express/6.5c-sp1
version/hewlett packard enterprise security manager express/6.8
version/hewlett packard enterprise security manager express/6.8c
version/hewlett packard enterprise security manager express/6.9.0
version/hewlett packard enterprise security manager express/6.9.0c
version/hewlett packard enterprise security manager express/6.9.1c
version/hewlett packard enterprise security manager express/6.9.1c-p1
version/hewlett packard enterprise security manager express/6.9.1c-p2
version/hewlett packard enterprise security manager express/6.9.1c-p3
version/hewlett packard enterprise security manager express/6.11.0