MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
CVE-2018-6502

6.5MEDIUM

Key Information:

Vendor: Micro Focus
Status: Arcsight Management Center
Vendor: CVE Published:; 19 September 2018

🔔 Create Micro Focus Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2018-6502?

A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS).

Affected Version(s)

ArcSight Management Center all versions prior to 2.81

References

https://softwaresupport.softwaregrp.com/document/-/facets...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 5, 2024
Vulnerability published
Sep 19, 2018
Vulnerability Reserved
Feb 1, 2018

Credit

Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to [email protected].