CVE-2018-6503

A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls.

CVSS v3 6.5 MEDIUM
CVSS v2.0 6.8 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:C/I:N/A:N

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142

Configurations

Configuration 1 (hide)

cpe:2.3:a:hp:arcsight_management_center:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-09-20 19:29

Updated : 2023-11-07 02:59

NVD link : CVE-2018-6503

Mitre link : CVE-2018-6503

CVE.ORG link : CVE-2018-6503

JSON object : View

Products Affected

hp

arcsight_management_center

CWE

NVD-CWE-noinfo

{"id": "CVE-2018-6503", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@opentext.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-09-20T19:29:00.923", "references": [{"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142", "source": "security@opentext.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad potencial de control de acceso en ArcSight Management Center (ArcMC) en todas las versiones anteriores a la 2.81. La vulnerabilidad podr\u00eda ser explotada para permitir controles de acceso vulnerables."}], "lastModified": "2023-11-07T02:59:59.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:arcsight_management_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF00B914-33FF-44F3-B862-9498CB32636A", "versionEndExcluding": "2.81"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}