CVE-2017-13988

medium

Published 2017-09-30 · Modified 2026-05-13

CVSS v3

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v2

4.0

VIR risk

6.5

Description

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions
hp	arcsight_enterprise_security_manager	`6.0`
hp	arcsight_enterprise_security_manager	`6.0c`
hp	arcsight_enterprise_security_manager	`6.5`
hp	arcsight_enterprise_security_manager	`6.5c`
hp	arcsight_enterprise_security_manager	`6.8`
hp	arcsight_enterprise_security_manager	`6.8c`
hp	arcsight_enterprise_security_manager	`6.9.0c`
hp	arcsight_enterprise_security_manager	`6.9.1c`
hp	arcsight_enterprise_security_manager	`6.11.0`
hp	arcsight_enterprise_security_manager_express	`6.0`
hp	arcsight_enterprise_security_manager_express	`6.0c`
hp	arcsight_enterprise_security_manager_express	`6.5`
hp	arcsight_enterprise_security_manager_express	`6.5c`
hp	arcsight_enterprise_security_manager_express	`6.8`
hp	arcsight_enterprise_security_manager_express	`6.8c`
hp	arcsight_enterprise_security_manager_express	`6.9.0`
hp	arcsight_enterprise_security_manager_express	`6.9.1c`
hp	arcsight_enterprise_security_manager_express	`6.11.0`

References

Verify integrity in audit chain (admin only). AS-IS.