ArcSight Security Management Center stored cross site script issue in version prior to 2.9.1
CVE-2019-3486

4.6MEDIUM

Key Information:

Vendor

Micro Focus

Status
Arcsight Security Management Center
Vendor
CVE Published:
25 July 2019

What is CVE-2019-3486?

Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1

Affected Version(s)

Arcsight Security Management Center < 2.9.1

References

https://community.microfocus.com/t5/ArcSight-Management-C...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Special thanks to ING Tech Poland for responsibly disclosing this vulnerability.
.