CVE-2017-13990

Published: Sep 30, 2017Modified: May 13, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

Affected (28)

Products: Hp: Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express

2 products

Arcsight Enterprise Security Manager

Arcsight Enterprise Security Manager Express

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Hp Arcsight Enterprise Security Manager	Version 6.0
Hp Arcsight Enterprise Security Manager	Version 6.0c
Hp Arcsight Enterprise Security Manager	Version 6.11.0
Hp Arcsight Enterprise Security Manager	Version 6.5
Hp Arcsight Enterprise Security Manager	Version 6.5 sp1
Hp Arcsight Enterprise Security Manager	Version 6.5c
Hp Arcsight Enterprise Security Manager	Version 6.5c sp1
Hp Arcsight Enterprise Security Manager	Version 6.8
Hp Arcsight Enterprise Security Manager	Version 6.8c
Hp Arcsight Enterprise Security Manager	Version 6.9.0c
Hp Arcsight Enterprise Security Manager	Version 6.9.1c
Hp Arcsight Enterprise Security Manager	Version 6.9.1c p1
Hp Arcsight Enterprise Security Manager	Version 6.9.1c p2
Hp Arcsight Enterprise Security Manager	Version 6.9.1c p3

Configuration B

14 vulnerable

Vulnerable Software	Affected Versions
Hp Arcsight Enterprise Security Manager Express	Version 6.0
Hp Arcsight Enterprise Security Manager Express	Version 6.0c
Hp Arcsight Enterprise Security Manager Express	Version 6.11.0
Hp Arcsight Enterprise Security Manager Express	Version 6.5
Hp Arcsight Enterprise Security Manager Express	Version 6.5 sp1
Hp Arcsight Enterprise Security Manager Express	Version 6.5c
Hp Arcsight Enterprise Security Manager Express	Version 6.5c sp1
Hp Arcsight Enterprise Security Manager Express	Version 6.8
Hp Arcsight Enterprise Security Manager Express	Version 6.8c
Hp Arcsight Enterprise Security Manager Express	Version 6.9.0
Hp Arcsight Enterprise Security Manager Express	Version 6.9.1c
Hp Arcsight Enterprise Security Manager Express	Version 6.9.1c p1
Hp Arcsight Enterprise Security Manager Express	Version 6.9.1c p2
Hp Arcsight Enterprise Security Manager Express	Version 6.9.1c p3

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/100935

Source: security@opentext.com

https://softwaresupport.hpe.com/km/KM02944672

Source: security@opentext.com

http://www.securityfocus.com/bid/100935

Source: af854a3a-2127-422b-91ae-364da2661108

https://softwaresupport.hpe.com/km/KM02944672

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.