CVE-2016-1990
Published on: 03/16/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:05 PM UTC
Certain versions of Arcsight Enterprise Security Manager from Microfocus contain the following vulnerability:
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
- CVE-2016-1990 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.8 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
LOCAL | LOW | LOW | NONE | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 4.3 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
LOCAL | LOW | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Document Display | HPE Support Center | Patch Vendor Advisory h20566.www2.hpe.com text/html |
![]() |
HPE ArcSight Enterprise Security Manager Bugs Let Remote Authenticated Users Download Files and Local Users Gain Elevated Privileges - SecurityTracker | Third Party Advisory VDB Entry www.securitytracker.com text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Microfocus | Arcsight Enterprise Security Manager | 6.0 | All | All | All |
Application | Microfocus | Arcsight Enterprise Security Manager | 6.5 | All | All | All |
Application | Microfocus | Arcsight Enterprise Security Manager | 6.8 | All | All | All |
Application | Microfocus | Arcsight Enterprise Security Manager | 6.9 | All | All | All |
Application | Microfocus | Arcsight Enterprise Security Manager | 6.0 | All | All | All |
Application | Microfocus | Arcsight Enterprise Security Manager | 6.5 | All | All | All |
Application | Microfocus | Arcsight Enterprise Security Manager | 6.8 | All | All | All |
Application | Microfocus | Arcsight Enterprise Security Manager | 6.9 | All | All | All |
Application | Microfocus | Arcsight Enterprise Security Manager | All | All | All | All |
- cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.0:*:*:*:*:*:*:*:
- cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.5:*:*:*:*:*:*:*:
- cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.8:*:*:*:*:*:*:*:
- cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.9:*:*:*:express:*:*:*:
- cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.0:*:*:*:*:*:*:*:
- cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.5:*:*:*:*:*:*:*:
- cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.8:*:*:*:*:*:*:*:
- cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.9:*:*:*:express:*:*:*:
- cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE