HP ArcSight Enterprise Security Management and Logger, Multiple Remote Vulnerabilities
Revised text (Mar-13-2015): updated to note that Logger 5.5 P2 also contains the fix.
Earlier today, HP ArcSight announced that potential security vulnerabilities have been identified in HP ArcSight Enterprise Security Management (ESM) and HP ArcSight Logger. HP's internal investigation revealed that HP ArcSight Express could also be vulnerable. These vulnerabilities could be exploited remotely, resulting in the ability to upload arbitrary files to the Logger server (this issue does not affect ESM), cross-site request forgery, authorization bypass, cross-frame scripting, or XML external entity (XXE) injection.
This impacts the following software:
- HP ArcSight Enterprise Security Management (ESM) prior to v6.5c SP1 P1
- HP ArcSight Express prior to v4.0 P1
- HP ArcSight Logger prior to v5.52 and HP ArcSight Logger v6.00
CVSS 2.0 base metrics
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Julian Horoszkiewicz for reporting these issues to email@example.com.
HP has made the following software updates available to resolve the vulnerabilities. The updates may be downloaded from: https://softwaresupport.hp.com/
Report: To report a potential security vulnerability with any HP supported product, send email to: firstname.lastname@example.org
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive
Logger 5.5 P2 is already available from the same place where you can download Logger 5.5 and Logger 6.0. Select Logger 5.5 and the files available for download include the 5.5 P2 patches.
Has anybody installed the new Patch 1 on their managed ArcSight Express v4.0? If yes, thanks for sharing your experience and letting us know if it has had any impact (good/bad) on your production environment.