Insecure Direct Object Reference exposed in OpenText ArcSight Intelligence
CVE-2024-6357

8.8HIGH

Key Information:

Vendor: Opentext
Status: Arcsight Intelligence
Vendor: CVE Published:; 6 August 2024

Summary

An Insecure Direct Object Reference vulnerability has been identified in OpenText ArcSight Intelligence, a widely used security analytics tool. This vulnerability allows unauthorized access to sensitive data, potentially leading to data breaches and user data exposure. Attackers can exploit this weakness to manipulate object references and gain access to resources they should not be able to see or use. Organizations using this product should implement recommended security patches and review their security configurations to mitigate risks associated with this vulnerability. Users are encouraged to stay informed about the security advisories from OpenText to ensure their systems are protected against potential exploit attempts.

Affected Version(s)

ArcSight Intelligence 0 < 6.4.13

References

https://portal.microfocus.com/s/article/KM000032593

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 6, 2024
Vulnerability Reserved
Jun 26, 2024