Description
HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/77128
Vendor Advisory x_refsource_confirm
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04863612
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/842252
Scores
EPSS
0.0692
EPSS Percentile
91.5%
Details
CWE
CWE-254
Status
published
Products (1)
hp/arcsight_logger
6.0.0.7307.1
Published
Nov 04, 2015
Tracked Since
Feb 18, 2026