CVE-2016-1990

Published on: 03/16/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:05 PM UTC

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Arcsight Enterprise Security Manager from Microfocus contain the following vulnerability:

HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.

  • CVE-2016-1990 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 4.3 - MEDIUM

Access
Vector
Access
Complexity
Authentication
LOCAL LOW SINGLE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL PARTIAL

CVE References

Description Tags Link
Document Display | HPE Support Center Patch
Vendor Advisory
h20566.www2.hpe.com
text/html
URL Logo CONFIRM h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05048452
HPE ArcSight Enterprise Security Manager Bugs Let Remote Authenticated Users Download Files and Local Users Gain Elevated Privileges - SecurityTracker Third Party Advisory
VDB Entry
www.securitytracker.com
text/html
URL Logo SECTRACK 1035282

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationMicrofocusArcsight Enterprise Security Manager6.0AllAllAll
ApplicationMicrofocusArcsight Enterprise Security Manager6.5AllAllAll
ApplicationMicrofocusArcsight Enterprise Security Manager6.8AllAllAll
ApplicationMicrofocusArcsight Enterprise Security Manager6.9AllAllAll
ApplicationMicrofocusArcsight Enterprise Security Manager6.0AllAllAll
ApplicationMicrofocusArcsight Enterprise Security Manager6.5AllAllAll
ApplicationMicrofocusArcsight Enterprise Security Manager6.8AllAllAll
ApplicationMicrofocusArcsight Enterprise Security Manager6.9AllAllAll
ApplicationMicrofocusArcsight Enterprise Security ManagerAllAllAllAll
  • cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.9:*:*:*:express:*:*:*:
  • cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.9:*:*:*:express:*:*:*:
  • cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:*:*:*:*:*:*:*:*: