CVE-2015-6029

Published: Nov 4, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach.

Affected (1)

Products: Hp: Arcsight Logger

1 product

Arcsight Logger

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hp Arcsight Logger	Version 6.0.0.7307.1

Related CWEs

CWE-254

References (6)

http://www.kb.cert.org/vuls/id/842252

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/77128

Source: cret@cert.org

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04863612

Source: cret@cert.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/842252

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/77128

Source: af854a3a-2127-422b-91ae-364da2661108

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04863612

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.