CVE: CVE-2015-2903 - CVE-Search

CVE Details for CVE: CVE-2015-2903

Summary

The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password.

Timestamps
Last major update	07-12-2016 - 18:10
Published	04-11-2015 - 03:59
Last modified	07-12-2016 - 18:10

References

http://www.kb.cert.org/vuls/id/350508
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04850932
http://www.securitytracker.com/id/1034078

Vulnerable Configurations

cpe:2.3:a:hp:arcsight_smartconnectors:*:*:*:*:*:*:*:*
cpe:2.3:a:hp:arcsight_smartconnectors:*:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

NVD-CWE-Other

CVSS

Base

6.9

Impact

10.0

Exploitability

3.4

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

CVSS3

None

VIA4 references

cvss-vector via4

AV:L/AC:M/Au:N/C:C/I:C/A:C

refmap via4

cert-vn	VU#350508
confirm	https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04850932
sectrack	1034078