MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
CVE-2018-6504

8.8HIGH

Key Information:

Vendor: Micro Focus
Status: Arcsight Management Center
Vendor: CVE Published:; 19 September 2018

🔔 Create Micro Focus Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2018-6504?

A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF).

Affected Version(s)

ArcSight Management Center all versions prior to 2.81

References

https://softwaresupport.softwaregrp.com/document/-/facets...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 5, 2024
Vulnerability published
Sep 19, 2018
Vulnerability Reserved
Feb 1, 2018

Credit

Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to [email protected].