Description
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05048452
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035282
Scores
CVSS v3
7.8
EPSS
0.0010
EPSS Percentile
27.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
Status
published
Products (5)
microfocus/arcsight_enterprise_security_manager
6.0
microfocus/arcsight_enterprise_security_manager
6.5
microfocus/arcsight_enterprise_security_manager
6.8
microfocus/arcsight_enterprise_security_manager
6.9
microfocus/arcsight_enterprise_security_manager
< 5.6
Published
Mar 16, 2016
Tracked Since
Feb 18, 2026