CVE-2015-6030

HP ArcSight Logger 6.0.0.7307.1, Command Center 6.8.0.1896.0, Connector Appliance 6.4.0.6881.3 - Privilege Escalation

Title source: llm

Description

HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1034073

Third Party Advisory x_refsource_confirm

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1034072

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/842252

Scores

EPSS 0.0013

EPSS Percentile 31.8%

Details

CWE

CWE-264

Status published

Products (7)

hp/arcsight_command_center 6.8.0.1896.0

hp/arcsight_connector_appliance < 6.4.0.6881.3

hp/arcsight_connectors < 7.1.3

hp/arcsight_express 4.0 (2 CPE variants)

hp/arcsight_logger 6.0.0.7307.1

hp/arcsight_management_center < 2.0

microfocus/arcsight_enterprise_security_manager < 6.5

Published Nov 04, 2015

Tracked Since Feb 18, 2026