Cross-Site Scripting Vulnerability in Micro Focus ArcSight Management Center
CVE-2020-11838

5.4MEDIUM

Key Information:

Vendor: Microfocus
Status: Arcsight Management Center.
Vendor: CVE Published:; 16 June 2020

What is CVE-2020-11838?

This vulnerability allows for cross-site scripting within Micro Focus ArcSight Management Center, enabling potential remote exploitation. An attacker could leverage this weakness to execute malicious scripts in a user's browser, leading to unauthorized information disclosure and possible compromise of user sessions.

Affected Version(s)

ArcSight Management Center. 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4

References

https://softwaresupport.softwaregrp.com/doc/KM03650893

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2020
Vulnerability Reserved
Apr 16, 2020

Microfocus

What is CVE-2020-11838?

Affected Version(s)

References

CVSS V3.1

Timeline