Stored XSS Vulnerability in Micro Focus ArcSight Logger
CVE-2019-11656

5.4MEDIUM

Key Information:

Vendor: HP
Status: Arcsight Logger.
Vendor: CVE Published:; 4 October 2019

Summary

A stored XSS vulnerability exists in Micro Focus ArcSight Logger that allows attackers to inject malicious scripts into web pages viewed by other users. This flaw affects versions of the Logger prior to 6.7.1 HotFix 6.7.1.8262.0. By exploiting this vulnerability, an attacker could execute arbitrary scripts within the context of a user's session, potentially compromising sensitive information and the overall integrity of the application.

Affected Version(s)

ArcSight Logger. All versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0.

References

https://community.microfocus.com/t5/ArcSight-Announcement...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 4, 2019
Vulnerability Reserved
May 1, 2019