Unverified X.509 Certificate Vulnerability in HP ArcSight SmartConnectors

Unverified X.509 Certificate Vulnerability in HP ArcSight SmartConnectors

CVE-2015-2902 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate.

Learn more about our Web Application Penetration Testing UK.