HP ArcSight ESM and ArcSight ESM Express Multiple Security Vulnerabilities
HP ArcSight ESM and ArcSight ESM Express are prone to the following security vulnerabilities:
1. A cross-site scripting vulnerability
2. An access-control bypass vulnerability
3. Multiple unauthorized access vulnerabilities
4. Multiple information-disclosure vulnerabilities
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, obtain potentially sensitive information, download arbitrary files, bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.