CVE-2015-6030

high

HPE

CVSS v3 Base Score

7.2

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Score

0.1%

Exploitation probability in 30 days

Top 68% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: November 4, 2015 (3845 days ago)

Last Modified: May 6, 2026

Vendor: HPE

Source: NVD

Description

HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.

CWE

CWE-264

Affected Products

hp arcsight connector appliancehp arcsight loggerhp arcsight command centerhp arcsight connectorshp arcsight expresshp arcsight management centermicrofocus arcsight enterprise security manager

References

🔗 www.kb.cert.org 🔗 www.securitytracker.com 🔗 www.securitytracker.com 🔗 h20566.www2.hpe.com 🔗 www.kb.cert.org

CVE-2015-6030

Vulnerability Report

Description

CWE

Affected Products

References