HP ArcSight SmartConnectors man-in-the-middle Vulnerability (CVE-2015-2902)
Release date:
Updated on:
Affected Systems:
HP ArcSight SmartConnectors <7.1.6
Description:
CVE (CAN) ID: CVE-2015-2902
HP ArcSight SmartConnectors is a scalable log collection and analysis solution.
Versions of HP ArcSight SmartConnectors earlier than 7.1.6 fail to correctly verify SSL certificates and also contain a hard-coded password. A man-in-the-middle attacker can spoof devices and obtain sensitive information by presenting a crafted certificate.
<* Source: HP
Link: http://www.kb.cert.org/vuls/id/350508
*>
Suggestion:
Vendor patch:
HP
--
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04850932
http://cwe.mitre.org/data/definitions/259.html
http://cwe.mitre.org/data/definitions/295.html