HP ArcSight ESM < 6.8c Information Disclosure

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

A security management system installed on the remote host is affected
by an information disclosure vulnerability.

Description :

According to its self-reported version number, the version of HP
ArcSight Enterprise Security Manager (ESM) installed on the remote
host is prior to 6.8.0.1896 (6.8c). It is, therefore, affected by an
unspecified flaw that allows an authenticated, remote attacker to
disclose sensitive information.

See also :

http://www.nessus.org/u?113a0d48
http://www.nessus.org/u?df41be50
http://seclists.org/bugtraq/2016/Mar/126

Solution :

Upgrade to HP ArcSight ESM version 6.8.0.1896 (6.8c) or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 90266

Bugtraq ID:

CVE ID: CVE-2016-1992
