HP ArcSight Enterprise Security Management and Logger, Multiple Remote Vulnerabilities

Revised text: Mar-13-2015: Updated to include Logger 5.5 P2 as having the fix also.

----

DESCRIPTION

Earlier today, HP ArcSight announced that potential security vulnerabilities have been identified with HP ArcSight Enterprise Security Management (ESM) and HP ArcSight Logger. HP's internal investigation also revealed that HP ArcSight Express could also be vulnerable. These vulnerabilities could be exploited remotely, resulting in the ability to upload arbitrary files to the Logger server (does not affect ESM), cross-site request forgery, authorization bypass, cross frame scripting, or XML external entity injection.

This impacts the following software:

  • HP ArcSight Enterprise Security Management (ESM) prior to v6.5c SP1 P1
  • HP ArcSight Express prior to v4.0 P1
  • HP ArcSight Logger prior to v5.52 and HP ArcSight Logger v6.00

CVSS 2.0 base metrics

  Reference       Base Vector                     Base Score
  CVE-2014-7884   (AV:N/AC:M/Au:S/C:P/I:P/A:P)    6.0
  CVE-2014-7885   (AV:N/AC:H/Au:N/C:P/I:P/A:P)    5.1

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

The Hewlett-Packard Company thanks Julian Horoszkiewicz for reporting these issues to security-alert@hp.com.

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities. The updates may be downloaded from: https://softwaresupport.hp.com/

  • Logger 6.01 (or) Logger 5.52
  • ESM 6.8c (or) E

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive