HP ArcSight ESM and ArcSight ESM Express are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied input before using it in an SQL query.
An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
HP ArcSight ESM and ArcSight ESM Express 6.x versions prior to 6.9.1c Patch 4 or 6.11.0 Patch 1 are vulnerable.
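The advisory does not say where in the product the tainted input reaches the query, so the following is an added illustration of the bug class only, not ArcSight's code: a lookup that splices user input into SQL text, beside the parameterised form that does not, run against a constructed in-memory SQLite table. The schema (an events table and a users table), the rows and the two payloads are all assumptions made for the example.

```python
import sqlite3

# Added illustration of the bug class described above: a lookup that splices
# user input into SQL text beside the parameterised form that does not.
# The schema, table contents and payloads are constructed for this example and
# are not ArcSight's code, schema or injection point.

TAUTOLOGY = "x' OR '1'='1"                                          # makes the WHERE clause always true
UNION_READ = "x' UNION SELECT id, username, pw_hash FROM users --"  # reads rows from another table


def make_db():
    """Build an in-memory database with a constructed events table and a users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, name TEXT, severity INTEGER)")
    conn.executemany(
        "INSERT INTO events (name, severity) VALUES (?, ?)",
        [("login-failure", 3), ("port-scan", 5), ("malware-alert", 9)],
    )
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT)")
    conn.execute("INSERT INTO users (username, pw_hash) VALUES ('admin', 'deadbeef')")
    conn.commit()
    return conn


def search_events_vulnerable(conn, name):
    """Concatenates the input into the statement, so a quote in the input closes
    the string literal and the remainder of the input runs as SQL."""
    sql = "SELECT id, name, severity FROM events WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def search_events_safe(conn, name):
    """Binds the input as a parameter; the driver passes it as a value, so it
    cannot change the statement's structure whatever characters it contains."""
    sql = "SELECT id, name, severity FROM events WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def tautology_results():
    """Row counts returned for the always-true payload: (vulnerable, safe)."""
    conn = make_db()
    return (len(search_events_vulnerable(conn, TAUTOLOGY)),
            len(search_events_safe(conn, TAUTOLOGY)))


def union_results():
    """Rows returned for the UNION payload: (vulnerable, safe)."""
    conn = make_db()
    return (search_events_vulnerable(conn, UNION_READ),
            search_events_safe(conn, UNION_READ))


if __name__ == "__main__":
    print("tautology payload rows (vulnerable, safe):", tautology_results())
    print("union payload rows (vulnerable, safe):", union_results())
```

The concatenated query returns every event for the tautology payload and leaks the constructed users row for the UNION payload, while the bound-parameter version returns nothing for either, because the whole payload is compared as a literal name. Escaping quotes, which is what "sanitizing" usually means in practice, narrows the window but leaves the query structure under the caller's control; binding the value removes that control entirely, which is why it is the fix to look for when checking a patch for this class of bug.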
Vulnerable:
HP ArcSight ESM 6.8
HP ArcSight ESM 6.5
HP ArcSight ESM 6.0
Not Vulnerable:
HP ArcSight ESM Express 6.11.0 Patch 1
HP ArcSight ESM 6.9.1c Patch 4
HP ArcSight ESM 6.11.0 Patch 1
Exploit
An attacker can exploit this issue using a web browser.
References:
- ESB-2017.2737 - [RedHat][SUSE] HP ArcSight ESM: Multiple vulnerabilities (auscert.org.au)
- HP Homepage (HP)