HP ArcSight ESM and ArcSight ESM Express Multiple Security Vulnerabilities

HP ArcSight ESM and ArcSight ESM Express are prone to the following security vulnerabilities:

1. A cross-site scripting vulnerability
2. An access-control bypass vulnerability
3. Multiple unauthorized access vulnerabilities
4. Multiple information-disclosure vulnerabilities

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, obtain potentially sensitive information, download arbitrary files, bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.


Privacy Statement
Copyright 2010, SecurityFocus