Vigil@nce - HP ArcSight Logger: privilege escalation
October 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can use HP ArcSight Logger, in order to
escalate his privileges.
Impacted products: ArcSight Logger.
Severity: 2/4.
Creation date: 11/08/2015.
DESCRIPTION OF THE VULNERABILITY
The HP ArcSight Logger product grants privileges to some users.
However, an authenticated attacker can bypass his authorization
restrictions. Technical details are unknown.
An authenticated attacker can therefore use HP ArcSight Logger, in
order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/HP-ArcSight-Logger-privilege-escalation-17621