| Max CVSS | 5.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-13987 | 4.0 |
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.
|
03-10-2019 - 00:03 | 30-09-2017 - 01:29 | |
| CVE-2017-13988 | 4.0 |
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the
|
03-10-2019 - 00:03 | 30-09-2017 - 01:29 | |
| CVE-2017-13989 | 5.5 |
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.
|
03-10-2019 - 00:03 | 30-09-2017 - 01:29 | |
| CVE-2017-13991 | 5.0 |
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.
|
05-10-2017 - 18:57 | 30-09-2017 - 01:29 | |
| CVE-2017-13990 | 5.0 |
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.
|
05-10-2017 - 18:44 | 30-09-2017 - 01:29 | |
| CVE-2017-13986 | 4.3 |
A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.
|
05-10-2017 - 18:43 | 30-09-2017 - 01:29 |