CVE-2017-13990

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5:sp1:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5c:sp1:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.0c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c:p1:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c:p2:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c:p3:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.11.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5:sp1:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5c:sp1:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.0:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c:p1:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c:p2:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c:p3:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.11.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-09-30 01:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-13990

Mitre link : CVE-2017-13990

CVE.ORG link : CVE-2017-13990


JSON object : View

Products Affected

hp

  • arcsight_enterprise_security_manager_express
  • arcsight_enterprise_security_manager
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor