This script is Copyright (C) 2016 Tenable Network Security, Inc.
A security management system installed on the remote host is affected
by multiple vulnerabilities.
According to its self-reported version number, the version of HP
ArcSight Enterprise Security Manager (ESM) installed on the remote
host is prior to 5.6, 6.0, 220.127.116.115.0 (6.5c SP1 P2), or 18.104.22.1686
(6.8c). It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists that allows a local attacker
to execute arbitrary commands. (CVE-2016-1990)
- An unspecified flaw exists that allows an authenticated,
remote attacker to upload arbitrary files.
See also :
Upgrade to HP ArcSight ESM version 5.6 / 6.0 / 22.214.171.1245.0 (6.5c SP1
P2), or 126.96.36.1996 (6.8c) or later.
Risk factor :
Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 5.4
Public Exploit Available : true