CVE-2015-2903

medium

HPE

CVSS v3 Base Score

6.9

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Score

0.5%

Exploitation probability in 30 days

Top 33% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Confidentiality

Integrity

Availability

Published: November 4, 2015 (3845 days ago)

Last Modified: May 6, 2026

Vendor: HPE

Source: NVD

Description

The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password.

CWE

NVD-CWE-Other

Affected Products

hp arcsight smartconnectors

References

🔗 www.kb.cert.org 🔗 www.securitytracker.com 🔗 h20564.www2.hpe.com 🔗 www.kb.cert.org 🔗 www.securitytracker.com

CVE-2015-2903

Vulnerability Report

Description

CWE

Affected Products

References