CVE-2011-2779

Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
hpwindows_event_log_smartconnector
𝑥
≤ 6.0.0.60023.2
hparcsight_c1000_appliance
*
hparcsight_c1300_appliance
*
hparcsight_c3200_appliance
*
hparcsight_c3400_appliance
*
hparcsight_c5200_appliance
*
hparcsight_c5400_appliance
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/122054
https://exchange.xforce.ibmcloud.com/vulnerabilities/68855
http://www.kb.cert.org/vuls/id/122054
https://exchange.xforce.ibmcloud.com/vulnerabilities/68855