HP ArcSight ESM < 5.6 / 6.0 / 6.5c SP1 P2 / 6.8c Multiple Vulnerabilities
Medium Nessus Plugin ID 90313
Synopsis: A security management system installed on the remote host is affected by multiple vulnerabilities.
Description: According to its self-reported version number, the version of HP ArcSight Enterprise Security Manager (ESM) installed on the remote host is prior to 5.6, 6.0, 6.5c SP1 P2, or 6.8c. It is, therefore, affected by multiple vulnerabilities:
- An unspecified flaw exists that allows a local attacker to execute arbitrary commands. (CVE-2016-1990)
- An unspecified flaw exists that allows an authenticated, remote attacker to upload arbitrary files.
Solution: Upgrade to HP ArcSight ESM version 5.6 / 6.0 / 6.5c SP1 P2 / 6.8c or later.