VSuresh Absent Member.

HP ArcSight Enterprise Security Management and Logger, Multiple Remote Vulnerabilities

Revised text: Mar-13-2015: Updated to include Logger 5.5 P2 as having the fix also.

----

DESCRIPTION

Earlier today, HP ArcSight announced that potential security vulnerabilities have been identified with HP ArcSight Enterprise Security Management (ESM) and HP ArcSight Logger. HP's internal investigation also revealed that HP ArcSight Express could also be vulnerable. These vulnerabilities could be exploited remotely, resulting in the ability to upload arbitrary files to the Logger server (does not affect ESM), cross-site request forgery, authorization bypass, cross frame scripting, or XML external entity injection.

This impacts the following software:

  • HP ArcSight Enterprise Security Management (ESM) prior to v6.5c SP1 P1
  • HP ArcSight Express prior to v4.0 P1
  • HP ArcSight Logger prior to v5.52 and HP ArcSight Logger v6.00

CVSS 2.0 base metrics

Reference        Base Vector                    Base Score
CVE-2014-7884    (AV:N/AC:M/Au:S/C:P/I:P/A:P)   6.0
CVE-2014-7885    (AV:N/AC:H/Au:N/C:P/I:P/A:P)   5.1

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

The Hewlett-Packard Company thanks Julian Horoszkiewicz for reporting these issues to security-alert@hp.com.

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities. The updates may be downloaded from: https://softwaresupport.hp.com/

  • Logger 6.01 (or) Logger 5.52
  • ESM 6.8c (or) E

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive

21 Replies
Hakan Trusted Contributor.

Re: HP ArcSight Enterprise Security Management and Logger, Multiple Remote Vulnerabilities

Any impact on Logger 5.5 ?

HAKAN
Samour Absent Member.

Re: HP ArcSight Enterprise Security Management and Logger, Multiple Remote Vulnerabilities

Where is Express 4.0 P1?

I only saw a notification for 6.5 SP1 patch 1

Please advise

vluiz1
New Member.

Re: HP ArcSight Enterprise Security Management and Logger, Multiple Remote Vulnerabilities

The notification is here:

Samour Absent Member.

Re: HP ArcSight Enterprise Security Management and Logger, Multiple Remote Vulnerabilities

No official email notification that a patch is released?

victorpichler Absent Member.

Re: HP ArcSight Enterprise Security Management and Logger, Multiple Remote Vulnerabilities

There is supposed to be a patch for Logger 5.5 according to the article, but I cannot find it anywhere on https://softwaresupport.hp.com

vluiz1
New Member.

Re: HP ArcSight Enterprise Security Management and Logger, Multiple Remote Vulnerabilities

Logger 5.5 P2 is already available from the same place where you can download Logger 5.5 and Logger 6.0. Select Logger 5.5 and the files available for download include the 5.5 P2 patches.

shezaf1 Acclaimed Contributor.

Re: HP ArcSight Enterprise Security Management and Logger, Multiple Remote Vulnerabilities

I think you need to subscribe to the relevant SKUs on "my updates". In any case, I know it is easy to miss updates from HP (sent to the wrong person, requires pre-registration to a certain SKU, etc.) and therefore strongly suggest subscribing to the forum this message is posted on.

pkunkele Absent Member.

Re: HP ArcSight Enterprise Security Management and Logger, Multiple Remote Vulnerabilities

That shows "You don't have permission"

I have enough active SAIDs (also Gold partner) with valid licenses connected to my account.

hatemware Super Contributor.

Re: HP ArcSight Enterprise Security Management and Logger, Multiple Remote Vulnerabilities

Has anybody installed the new patch 1 on their managed ArcSight Express v4.0? If yes, thanks for sharing your experience, and let us know if it has any impact (good/bad) on your production environment.

Best Regards,

Hatem

shezaf1 Acclaimed Contributor.

Re: HP ArcSight Enterprise Security Management and Logger, Multiple Remote Vulnerabilities

The release notes for the respective versions that patch the vulnerability do not list it. The reason is that they were released before the vulnerability was announced. This announcement serves as the indicator that the issues are indeed fixed in the listed versions.

shezaf1 Acclaimed Contributor.

Re: HP ArcSight Enterprise Security Management and Logger, Multiple Remote Vulnerabilities

Few have reported this and we are looking into the issue. It is probably a web site issue and not an issue with your SAID. Please contact support to get the patch for now.

Samour Absent Member.

Re: HP ArcSight Enterprise Security Management and Logger, Multiple Remote Vulnerabilities

Yeah, I had the same issue with SAID initially last week, and then the next day it was fine. A problem with the SSO website.

And on that note... is there any, shall I say, positive news on improvements to the new portal, which is now even slower and more buggy than the previous new one?

Also, is there a way to submit a new case through email when the website is having issues?

Anyone else have problems when emailing attachments as updates to an existing case? They used to attach to the case automatically if they were a reasonable size, but now it is quite random. Sometimes it works and sometimes it doesn't.
