Cross-Site Scripting in ArcSight Logger by Micro Focus
CVE-2023-24469

6.1MEDIUM

Key Information:

Vendor

Microfocus
Status
Arcsight Logger
Vendor
CVE Published:
13 June 2023

What is CVE-2023-24469?

A Cross-Site Scripting vulnerability exists in ArcSight Logger versions prior to 7.3.0, potentially allowing an attacker to inject malicious scripts into web pages viewed by users. This could lead to unauthorized actions performed on behalf of the user, exposing sensitive information or compromising user accounts.

Affected Version(s)

ArcSight Logger versions prior to 7.3.0

References

https://www.microfocus.com/support/downloads/
https://www.microfocus.com/documentation/arcsight/logger-...
https://portal.microfocus.com/s/article/KM000018224?langu...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.