A remote authenticated user without Logger Search permissions may be able to bypass authentication and perform searches via the SOAP interface.
Incorrect login attempts via the SOAP interface are neither logged nor subject to lockout, unlike attempts made through the standard web GUI. This may allow a remote unauthenticated attacker to attempt brute-force password guesses without triggering an alert.
Several key files for ArcSight are owned by the arcsight user, but are executed with root privileges. This may allow a user with arcsight credentials to escalate privileges to root when running commands.
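The ownership condition described above (files owned by an unprivileged account but executed as root) is the kind of thing a defender can audit mechanically. The following is an added example, not code from the CERT note or from ArcSight: it reports files that root would execute but that a different uid could alter or replace. In production the paths would come from the ArcSight install tree (not given here) and `trusted_uid` would be 0; the demo tree and its uids are constructed.

```python
import os
import stat
import tempfile

def audit_privileged_exec(paths, trusted_uid=0):
    """For each file a root-privileged process executes, report conditions
    that let a less-privileged account change what root runs: the file or
    its directory is owned by another uid, or is writable by group/other.
    Returns {path: [reasons]}; an empty list means no finding."""
    findings = {}
    for p in paths:
        reasons = []
        try:
            st = os.stat(p)
        except FileNotFoundError:
            findings[p] = ["missing (root would execute whatever appears here)"]
            continue
        if st.st_uid != trusted_uid:
            reasons.append(f"owned by uid {st.st_uid}, expected {trusted_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append("group/world writable")
        parent = os.stat(os.path.dirname(p) or ".")
        if parent.st_uid != trusted_uid:
            reasons.append(f"directory owned by uid {parent.st_uid}; file can be replaced")
        elif (parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
              and not parent.st_mode & stat.S_ISVTX):
            reasons.append("directory writable by group/other without sticky bit")
        findings[p] = reasons
    return findings

def demo():
    """Constructed sample tree (not ArcSight's real layout): one correctly
    owned script, one group/world-writable one, and a third audit where the
    trusted uid differs from the actual owner (the arcsight-vs-root case)."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "good_bin")
        sloppy = os.path.join(d, "sloppy_bin")
        for p in (good, sloppy):
            with open(p, "w") as fh:
                fh.write("#!/bin/sh\necho constructed sample\n")
        os.chmod(good, 0o755)
        os.chmod(sloppy, 0o777)
        as_owner = audit_privileged_exec([good, sloppy], trusted_uid=me)
        # Simulate root auditing a file owned by a different (unprivileged) uid.
        as_root = audit_privileged_exec([good], trusted_uid=me + 1)
        return {"good": as_owner[good], "sloppy": as_owner[sloppy],
                "foreign": as_root[good]}

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, reasons or "OK")
```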
The corresponding entry in the Carnegie Mellon University CERT Vulnerability Notes Database is available at http://www.kb.cert.org/vuls/id/842252