HP ArcSight Logger < 6.0 P2 Multiple Vulnerabilities
High Nessus Plugin ID 85988
SynopsisA log collection and management system installed on the remote host is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number, the version of HP ArcSight Logger installed on the remote host is prior to 6.0 P2. It is, therefore, affected by multiple vulnerabilities :
- An authorization bypass vulnerability exists that allows an authenticated, remote attacker to bypass authorization checks and perform unauthorized actions.
- A security bypass vulnerability exists in the SOAP interface due to a failure to properly log and lockout failed login attempts. A remote attacker can exploit this to perform a brute-force attack. (CVE-2015-6029)
- A file command handling local privilege escalation vulnerability exists due to files owned by the arcsight user being executed with root privileges. A local attacker can exploit this to run commands to gain elevated privileges. (CVE-2015-6030)
SolutionUpgrade to HP ArcSight Logger 6.0 P2 or later.