Vuln: HP ArcSight ESM and ArcSight ESM Express CVE-2017-14356 SQL Injection Vulnerability

Vuln: HP ArcSight ESM and ArcSight ESM Express CVE-2017-14356 SQL Injection Vulnerability

http://ift.tt/2yjAv6Y

HP ArcSight ESM and ArcSight ESM Express CVE-2017-14356 SQL Injection Vulnerability

Bugtraq ID: 101627
Class: Input Validation Error
CVE:

CVE-2017-14356

Remote: Yes
Local: No
Published: Oct 31 2017 12:00AM
Updated: Oct 31 2017 12:00AM
Credit: Cosmin Maier from Zeroday.PRO Threat Research Lab
Vulnerable:

HP ArcSight ESM Express 6.0

HP ArcSight ESM 6.8

HP ArcSight ESM 6.5

HP ArcSight ESM 6.0

Not Vulnerable:

HP ArcSight ESM Express 6.9.1c Patch 4

HP ArcSight ESM Express 6.11.0 Patch 1

HP ArcSight ESM 6.9.1c Patch 4

HP ArcSight ESM 6.11.0 Patch 1

Security News

via SecurityFocus Vulnerabilities http://ift.tt/Y0pFEv

October 31, 2017 at 05:36PM