Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for ArcSight Logger by Micro Focus

    CVE-2020-11851 (GCVE-0-2020-11851)

    Vulnerability from nvd – Published: 2020-11-17 01:02 – Updated: 2024-08-04 11:42
    VLAI
    Summary
    Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary code execution.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus ArcSight Logger Affected: All version prior to version 7.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:42:00.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Logger",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "All version prior to version 7.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary code execution.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:04.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2020-11851",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Logger",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All version prior to version 7.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary code execution."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600",
                  "refsource": "CONFIRM",
                  "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2020-11851",
        "datePublished": "2020-11-17T01:02:34.000Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:42:00.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-25834 (GCVE-0-2020-25834)

    Vulnerability from nvd – Published: 2020-11-17 00:51 – Updated: 2024-08-04 15:40
    VLAI
    Summary
    Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS).
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting.
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:40:37.000Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cybereagle.io/blog/cve-2020-25834/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Logger",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:44.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cybereagle.io/blog/cve-2020-25834/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2020-25834",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Logger",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600",
                  "refsource": "CONFIRM",
                  "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
                },
                {
                  "name": "https://www.cybereagle.io/blog/cve-2020-25834/",
                  "refsource": "MISC",
                  "url": "https://www.cybereagle.io/blog/cve-2020-25834/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2020-25834",
        "datePublished": "2020-11-17T00:51:31.000Z",
        "dateReserved": "2020-09-23T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:40:37.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11860 (GCVE-0-2020-11860)

    Vulnerability from nvd – Published: 2020-11-17 00:54 – Updated: 2024-08-04 11:42
    VLAI
    Summary
    Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus ArcSight Logger Affected: All version prior to version 7.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:42:00.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Logger",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "All version prior to version 7.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:23.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2020-11860",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Logger",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All version prior to version 7.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600",
                  "refsource": "CONFIRM",
                  "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2020-11860",
        "datePublished": "2020-11-17T00:54:23.000Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:42:00.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3485 (GCVE-0-2019-3485)

    Vulnerability from nvd – Published: 2019-07-24 15:30 – Updated: 2024-09-17 02:06
    VLAI
    Title
    ArcSight Logger stored cross site script issue in version prior to 6.7.1
    Summary
    Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1
    CWE
    • stored cross site script
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus ArcSight Logger Affected: ArcSight Logger , < 6.7.1 (custom)
    Create a notification for this product.
    Date Public
    2019-05-02 00:00
    Credits
    Special thanks to ING Tech Poland for responsibly disclosing this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.459Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "109363",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109363"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Logger",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "lessThan": "6.7.1",
                  "status": "affected",
                  "version": "ArcSight Logger",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks to ING Tech Poland for responsibly disclosing this vulnerability."
            }
          ],
          "datePublic": "2019-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "stored cross site script",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:40.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "name": "109363",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109363"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to ArcSight Logger to a version \u003e 6.7.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ArcSight Logger stored cross site script issue in version prior to 6.7.1",
          "x_generator": {
            "engine": "Vulnogram 0.0.5"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2019-05-02T00:00:00.000Z",
              "ID": "CVE-2019-3485",
              "STATE": "PUBLIC",
              "TITLE": "ArcSight Logger stored cross site script issue in version prior to 6.7.1"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Logger",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "ArcSight Logger",
                                "version_value": "6.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks to ING Tech Poland for responsibly disclosing this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.5"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "stored cross site script"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "109363",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109363"
                },
                {
                  "name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011",
                  "refsource": "CONFIRM",
                  "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to ArcSight Logger to a version \u003e 6.7.0"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-3485",
        "datePublished": "2019-07-24T15:30:12.893Z",
        "dateReserved": "2018-12-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:06:16.452Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11851 (GCVE-0-2020-11851)

    Vulnerability from cvelistv5 – Published: 2020-11-17 01:02 – Updated: 2024-08-04 11:42
    VLAI
    Summary
    Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary code execution.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus ArcSight Logger Affected: All version prior to version 7.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:42:00.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Logger",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "All version prior to version 7.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary code execution.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:04.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2020-11851",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Logger",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All version prior to version 7.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary code execution."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600",
                  "refsource": "CONFIRM",
                  "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2020-11851",
        "datePublished": "2020-11-17T01:02:34.000Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:42:00.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11860 (GCVE-0-2020-11860)

    Vulnerability from cvelistv5 – Published: 2020-11-17 00:54 – Updated: 2024-08-04 11:42
    VLAI
    Summary
    Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus ArcSight Logger Affected: All version prior to version 7.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:42:00.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Logger",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "All version prior to version 7.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:23.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2020-11860",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Logger",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All version prior to version 7.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600",
                  "refsource": "CONFIRM",
                  "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2020-11860",
        "datePublished": "2020-11-17T00:54:23.000Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:42:00.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-25834 (GCVE-0-2020-25834)

    Vulnerability from cvelistv5 – Published: 2020-11-17 00:51 – Updated: 2024-08-04 15:40
    VLAI
    Summary
    Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS).
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting.
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:40:37.000Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cybereagle.io/blog/cve-2020-25834/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Logger",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:44.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cybereagle.io/blog/cve-2020-25834/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2020-25834",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Logger",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600",
                  "refsource": "CONFIRM",
                  "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
                },
                {
                  "name": "https://www.cybereagle.io/blog/cve-2020-25834/",
                  "refsource": "MISC",
                  "url": "https://www.cybereagle.io/blog/cve-2020-25834/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2020-25834",
        "datePublished": "2020-11-17T00:51:31.000Z",
        "dateReserved": "2020-09-23T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:40:37.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3485 (GCVE-0-2019-3485)

    Vulnerability from cvelistv5 – Published: 2019-07-24 15:30 – Updated: 2024-09-17 02:06
    VLAI
    Title
    ArcSight Logger stored cross site script issue in version prior to 6.7.1
    Summary
    Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1
    CWE
    • stored cross site script
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus ArcSight Logger Affected: ArcSight Logger , < 6.7.1 (custom)
    Create a notification for this product.
    Date Public
    2019-05-02 00:00
    Credits
    Special thanks to ING Tech Poland for responsibly disclosing this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.459Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "109363",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109363"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Logger",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "lessThan": "6.7.1",
                  "status": "affected",
                  "version": "ArcSight Logger",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks to ING Tech Poland for responsibly disclosing this vulnerability."
            }
          ],
          "datePublic": "2019-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "stored cross site script",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:40.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "name": "109363",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109363"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to ArcSight Logger to a version \u003e 6.7.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ArcSight Logger stored cross site script issue in version prior to 6.7.1",
          "x_generator": {
            "engine": "Vulnogram 0.0.5"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2019-05-02T00:00:00.000Z",
              "ID": "CVE-2019-3485",
              "STATE": "PUBLIC",
              "TITLE": "ArcSight Logger stored cross site script issue in version prior to 6.7.1"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Logger",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "ArcSight Logger",
                                "version_value": "6.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks to ING Tech Poland for responsibly disclosing this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.5"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "stored cross site script"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "109363",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109363"
                },
                {
                  "name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011",
                  "refsource": "CONFIRM",
                  "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to ArcSight Logger to a version \u003e 6.7.0"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-3485",
        "datePublished": "2019-07-24T15:30:12.893Z",
        "dateReserved": "2018-12-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:06:16.452Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }