Unverified X.509 Certificate Vulnerability in HP ArcSight SmartConnectors
CVE-2015-2902 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate.
Learn more about our Web Application Penetration Testing UK.