OpenText ArcSight Management Center and Platform Vulnerable to Stored XSS Attacks
CVE-2024-2834

8.7HIGH

Key Information:

Vendor: Opentext
Status: Arcsight Management Center; Arcsight Platform
Vendor: CVE Published:; 8 April 2024

Summary

A vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform that allows for stored cross-site scripting (XSS). This security flaw can be exploited by an attacker to inject malicious scripts into web pages viewed by other users, enabling potential unauthorized access to sensitive data or session hijacking. The vulnerability underscores the importance of implementing robust input validation and output encoding practices to safeguard against XSS attacks, especially for web applications capable of remote exploitation.

Affected Version(s)

ArcSight Management Center 0

ArcSight Management Center 0 < 3.2.2 P1

ArcSight Management Center 3.2.3 < 3.2.3 P1

References

https://portal.microfocus.com/s/article/KM000028275

vendor-advisory

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 8, 2024
Vulnerability Reserved
Mar 22, 2024