CVE-2016-1991

HIGH

HPE ArcSight ESM <5.6,6.0,6.5C-6.8cP1 - Auth Bypass

Title source: llm

Description

HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_confirm

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05048452

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1035282

Scores

CVSS v3 8.0

EPSS 0.0048

EPSS Percentile 65.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (5)

microfocus/arcsight_enterprise_security_manager 6.0

microfocus/arcsight_enterprise_security_manager 6.5

microfocus/arcsight_enterprise_security_manager 6.8

microfocus/arcsight_enterprise_security_manager 6.9

microfocus/arcsight_enterprise_security_manager 5.0 - 5.6

Published Mar 16, 2016

Tracked Since Feb 18, 2026