Search criteria
8 vulnerabilities found for ArcSight Logger by Micro Focus
CVE-2020-11851 (GCVE-0-2020-11851)
Vulnerability from nvd – Published: 2020-11-17 01:02 – Updated: 2024-08-04 11:42
VLAI
Summary
Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code.
Severity
No CVSS data available.
CWE
- Arbitrary code execution.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.microfocus.com/t5/Logger/Logger… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | ArcSight Logger |
Affected:
All version prior to version 7.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ArcSight Logger",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "All version prior to version 7.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary code execution.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:04.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-11851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArcSight Logger",
"version": {
"version_data": [
{
"version_value": "All version prior to version 7.1.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary code execution."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600",
"refsource": "CONFIRM",
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-11851",
"datePublished": "2020-11-17T01:02:34.000Z",
"dateReserved": "2020-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25834 (GCVE-0-2020-25834)
Vulnerability from nvd – Published: 2020-11-17 00:51 – Updated: 2024-08-04 15:40
VLAI
Summary
Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS).
Severity
No CVSS data available.
CWE
- Cross-Site Scripting.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://community.microfocus.com/t5/Logger/Logger… | x_refsource_CONFIRM |
| https://www.cybereagle.io/blog/cve-2020-25834/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | ArcSight Logger |
Affected:
7.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:37.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cybereagle.io/blog/cve-2020-25834/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ArcSight Logger",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:44.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cybereagle.io/blog/cve-2020-25834/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-25834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArcSight Logger",
"version": {
"version_data": [
{
"version_value": "7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600",
"refsource": "CONFIRM",
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
},
{
"name": "https://www.cybereagle.io/blog/cve-2020-25834/",
"refsource": "MISC",
"url": "https://www.cybereagle.io/blog/cve-2020-25834/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-25834",
"datePublished": "2020-11-17T00:51:31.000Z",
"dateReserved": "2020-09-23T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:40:37.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11860 (GCVE-0-2020-11860)
Vulnerability from nvd – Published: 2020-11-17 00:54 – Updated: 2024-08-04 11:42
VLAI
Summary
Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)
Severity
No CVSS data available.
CWE
- Cross-Site Scripting.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.microfocus.com/t5/Logger/Logger… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | ArcSight Logger |
Affected:
All version prior to version 7.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ArcSight Logger",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "All version prior to version 7.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:23.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-11860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArcSight Logger",
"version": {
"version_data": [
{
"version_value": "All version prior to version 7.1.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600",
"refsource": "CONFIRM",
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-11860",
"datePublished": "2020-11-17T00:54:23.000Z",
"dateReserved": "2020-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3485 (GCVE-0-2019-3485)
Vulnerability from nvd – Published: 2019-07-24 15:30 – Updated: 2024-09-17 02:06
VLAI
Title
ArcSight Logger stored cross site script issue in version prior to 6.7.1
Summary
Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1
Severity
4.6 (Medium)
CWE
- stored cross site script
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/109363 | vdb-entryx_refsource_BID |
| https://community.microfocus.com/t5/Logger/Logger… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | ArcSight Logger |
Affected:
ArcSight Logger , < 6.7.1
(custom)
|
Date Public
2019-05-02 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "109363",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ArcSight Logger",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "6.7.1",
"status": "affected",
"version": "ArcSight Logger",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to ING Tech Poland for responsibly disclosing this vulnerability."
}
],
"datePublic": "2019-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "stored cross site script",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:40.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "109363",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to ArcSight Logger to a version \u003e 6.7.0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ArcSight Logger stored cross site script issue in version prior to 6.7.1",
"x_generator": {
"engine": "Vulnogram 0.0.5"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-05-02T00:00:00.000Z",
"ID": "CVE-2019-3485",
"STATE": "PUBLIC",
"TITLE": "ArcSight Logger stored cross site script issue in version prior to 6.7.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArcSight Logger",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "ArcSight Logger",
"version_value": "6.7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to ING Tech Poland for responsibly disclosing this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.5"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "stored cross site script"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "109363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109363"
},
{
"name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011",
"refsource": "CONFIRM",
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to ArcSight Logger to a version \u003e 6.7.0"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-3485",
"datePublished": "2019-07-24T15:30:12.893Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:06:16.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11851 (GCVE-0-2020-11851)
Vulnerability from cvelistv5 – Published: 2020-11-17 01:02 – Updated: 2024-08-04 11:42
VLAI
Summary
Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code.
Severity
No CVSS data available.
CWE
- Arbitrary code execution.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.microfocus.com/t5/Logger/Logger… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | ArcSight Logger |
Affected:
All version prior to version 7.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ArcSight Logger",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "All version prior to version 7.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary code execution.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:04.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-11851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArcSight Logger",
"version": {
"version_data": [
{
"version_value": "All version prior to version 7.1.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary code execution."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600",
"refsource": "CONFIRM",
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-11851",
"datePublished": "2020-11-17T01:02:34.000Z",
"dateReserved": "2020-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11860 (GCVE-0-2020-11860)
Vulnerability from cvelistv5 – Published: 2020-11-17 00:54 – Updated: 2024-08-04 11:42
VLAI
Summary
Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)
Severity
No CVSS data available.
CWE
- Cross-Site Scripting.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.microfocus.com/t5/Logger/Logger… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | ArcSight Logger |
Affected:
All version prior to version 7.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ArcSight Logger",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "All version prior to version 7.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:23.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-11860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArcSight Logger",
"version": {
"version_data": [
{
"version_value": "All version prior to version 7.1.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600",
"refsource": "CONFIRM",
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-11860",
"datePublished": "2020-11-17T00:54:23.000Z",
"dateReserved": "2020-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25834 (GCVE-0-2020-25834)
Vulnerability from cvelistv5 – Published: 2020-11-17 00:51 – Updated: 2024-08-04 15:40
VLAI
Summary
Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS).
Severity
No CVSS data available.
CWE
- Cross-Site Scripting.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://community.microfocus.com/t5/Logger/Logger… | x_refsource_CONFIRM |
| https://www.cybereagle.io/blog/cve-2020-25834/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | ArcSight Logger |
Affected:
7.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:37.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cybereagle.io/blog/cve-2020-25834/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ArcSight Logger",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:44.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cybereagle.io/blog/cve-2020-25834/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-25834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArcSight Logger",
"version": {
"version_data": [
{
"version_value": "7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600",
"refsource": "CONFIRM",
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600"
},
{
"name": "https://www.cybereagle.io/blog/cve-2020-25834/",
"refsource": "MISC",
"url": "https://www.cybereagle.io/blog/cve-2020-25834/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-25834",
"datePublished": "2020-11-17T00:51:31.000Z",
"dateReserved": "2020-09-23T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:40:37.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3485 (GCVE-0-2019-3485)
Vulnerability from cvelistv5 – Published: 2019-07-24 15:30 – Updated: 2024-09-17 02:06
VLAI
Title
ArcSight Logger stored cross site script issue in version prior to 6.7.1
Summary
Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1
Severity
4.6 (Medium)
CWE
- stored cross site script
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/109363 | vdb-entryx_refsource_BID |
| https://community.microfocus.com/t5/Logger/Logger… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | ArcSight Logger |
Affected:
ArcSight Logger , < 6.7.1
(custom)
|
Date Public
2019-05-02 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "109363",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ArcSight Logger",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "6.7.1",
"status": "affected",
"version": "ArcSight Logger",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to ING Tech Poland for responsibly disclosing this vulnerability."
}
],
"datePublic": "2019-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "stored cross site script",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:40.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "109363",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to ArcSight Logger to a version \u003e 6.7.0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ArcSight Logger stored cross site script issue in version prior to 6.7.1",
"x_generator": {
"engine": "Vulnogram 0.0.5"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-05-02T00:00:00.000Z",
"ID": "CVE-2019-3485",
"STATE": "PUBLIC",
"TITLE": "ArcSight Logger stored cross site script issue in version prior to 6.7.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArcSight Logger",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "ArcSight Logger",
"version_value": "6.7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to ING Tech Poland for responsibly disclosing this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.5"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "stored cross site script"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "109363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109363"
},
{
"name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011",
"refsource": "CONFIRM",
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to ArcSight Logger to a version \u003e 6.7.0"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-3485",
"datePublished": "2019-07-24T15:30:12.893Z",
"dateReserved": "2018-12-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:06:16.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}