CVE-2015-2902

HP ArcSight SmartConnectors <7.1.6 - Info Disclosure

Title source: llm

Description

HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate.

References (3)

Core 3

Core References

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/350508

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1034078

Vendor Advisory x_refsource_confirm

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04850932

Scores

EPSS 0.0042

EPSS Percentile 61.9%

Details

CWE

CWE-310

Status published

Products (1)

hp/arcsight_smartconnectors < 7.1.5

Published Nov 04, 2015

Tracked Since Feb 18, 2026