Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for arcsight_management_center by hp

    CVE-2019-3486 (GCVE-0-2019-3486)

    Vulnerability from nvd – Published: 2019-07-25 14:30 – Updated: 2024-09-16 22:35
    VLAI
    Title
    ArcSight Security Management Center stored cross site script issue in version prior to 2.9.1
    Summary
    Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1
    CWE
    • stored cross site script
    Assigner
    References
    Impacted products
    Date Public
    2019-05-08 00:00
    Credits
    Special thanks to ING Tech Poland for responsibly disclosing this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.507Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://community.microfocus.com/t5/ArcSight-Management-Center-ArcMC/ArcSight-Management-Center-2-91-Release-Notes/ta-p/1790266?attachment-id=74671"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arcsight Security Management Center",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.9.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks to ING Tech Poland for responsibly disclosing this vulnerability."
            }
          ],
          "datePublic": "2019-05-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "stored cross site script",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:01.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://community.microfocus.com/t5/ArcSight-Management-Center-ArcMC/ArcSight-Management-Center-2-91-Release-Notes/ta-p/1790266?attachment-id=74671"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to ArcSight Security Management Center to version 2.9.1 or later."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ArcSight Security Management Center stored cross site script issue in version prior to 2.9.1",
          "x_generator": {
            "engine": "Vulnogram 0.0.5"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2019-05-08T00:00:00.000Z",
              "ID": "CVE-2019-3486",
              "STATE": "PUBLIC",
              "TITLE": "ArcSight Security Management Center stored cross site script issue in version prior to 2.9.1"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arcsight Security Management Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 2.9.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks to ING Tech Poland for responsibly disclosing this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1"
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.5"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "stored cross site script"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://community.microfocus.com/t5/ArcSight-Management-Center-ArcMC/ArcSight-Management-Center-2-91-Release-Notes/ta-p/1790266?attachment-id=74671",
                  "refsource": "CONFIRM",
                  "url": "https://community.microfocus.com/t5/ArcSight-Management-Center-ArcMC/ArcSight-Management-Center-2-91-Release-Notes/ta-p/1790266?attachment-id=74671"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to ArcSight Security Management Center to version 2.9.1 or later."
              }
            ],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "EXTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-3486",
        "datePublished": "2019-07-25T14:30:16.486Z",
        "dateReserved": "2018-12-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:35:08.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6505 (GCVE-0-2018-6505)

    Vulnerability from nvd – Published: 2018-09-20 19:00 – Updated: 2024-09-17 03:59
    VLAI
    Title
    MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
    Summary
    A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.
    CWE
    • Unauthenticated File Download
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus ArcSight Management Center Affected: all versions prior to 2.81
    Create a notification for this product.
    Date Public
    2018-09-19 00:00
    Credits
    Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:10.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Management Center",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions prior to 2.81"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com."
            }
          ],
          "datePublic": "2018-09-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "Unauthenticated File Download"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unauthenticated File Download",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:46.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2018-09-19T16:00:00.000Z",
              "ID": "CVE-2018-6505",
              "STATE": "PUBLIC",
              "TITLE": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Management Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions prior to 2.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "Unauthenticated File Download"
              }
            ],
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unauthenticated File Download"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142",
                  "refsource": "CONFIRM",
                  "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-6505",
        "datePublished": "2018-09-20T19:00:00.000Z",
        "dateReserved": "2018-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:59:35.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6503 (GCVE-0-2018-6503)

    Vulnerability from nvd – Published: 2018-09-20 19:00 – Updated: 2024-09-17 02:06
    VLAI
    Title
    MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
    Summary
    A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls.
    CWE
    • Access Control Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus ArcSight Management Center Affected: all versions prior to 2.81
    Create a notification for this product.
    Date Public
    2018-09-19 00:00
    Credits
    Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:10.037Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Management Center",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions prior to 2.81"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com."
            }
          ],
          "datePublic": "2018-09-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "Access Control Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Access Control Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:03.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2018-09-19T15:50:00.000Z",
              "ID": "CVE-2018-6503",
              "STATE": "PUBLIC",
              "TITLE": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Management Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions prior to 2.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "Access Control Vulnerability"
              }
            ],
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Access Control Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142",
                  "refsource": "CONFIRM",
                  "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-6503",
        "datePublished": "2018-09-20T19:00:00.000Z",
        "dateReserved": "2018-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:06:45.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6502 (GCVE-0-2018-6502)

    Vulnerability from nvd – Published: 2018-09-20 19:00 – Updated: 2024-09-17 04:19
    VLAI
    Title
    MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
    Summary
    A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS).
    CWE
    • Reflected Cross-Site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus ArcSight Management Center Affected: all versions prior to 2.81
    Create a notification for this product.
    Date Public
    2018-09-19 00:00
    Credits
    Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:09.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Management Center",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions prior to 2.81"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com."
            }
          ],
          "datePublic": "2018-09-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS)."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "Reflected Cross-Site Scripting (XSS)"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:37.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2018-09-19T15:45:00.000Z",
              "ID": "CVE-2018-6502",
              "STATE": "PUBLIC",
              "TITLE": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Management Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions prior to 2.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS)."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "Reflected Cross-Site Scripting (XSS)"
              }
            ],
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected Cross-Site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142",
                  "refsource": "CONFIRM",
                  "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-6502",
        "datePublished": "2018-09-20T19:00:00.000Z",
        "dateReserved": "2018-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:19:28.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6501 (GCVE-0-2018-6501)

    Vulnerability from nvd – Published: 2018-09-20 16:00 – Updated: 2024-08-05 06:10
    VLAI
    Summary
    Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-09-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:10.119Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-09-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:36.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2018-6501",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142",
                  "refsource": "CONFIRM",
                  "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-6501",
        "datePublished": "2018-09-20T16:00:00.000Z",
        "dateReserved": "2018-02-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:10.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6500 (GCVE-0-2018-6500)

    Vulnerability from nvd – Published: 2018-09-20 16:00 – Updated: 2024-09-16 23:42
    VLAI
    Title
    MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
    Summary
    A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal.
    CWE
    • Directory Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus ArcSight Management Center Affected: all versions prior to 2.81
    Create a notification for this product.
    Date Public
    2018-09-19 00:00
    Credits
    Micro Focus would like to thank Vahagn Vardanyan for reporting the Directory Traversal Vulnerability to cyber-psrt@microfocus.com.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:49.348Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Management Center",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions prior to 2.81"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Micro Focus would like to thank Vahagn Vardanyan for reporting the Directory Traversal Vulnerability to cyber-psrt@microfocus.com."
            }
          ],
          "datePublic": "2018-09-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "Directory Traversal"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:06.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2018-09-19T15:33:00.000Z",
              "ID": "CVE-2018-6500",
              "STATE": "PUBLIC",
              "TITLE": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Management Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions prior to 2.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Micro Focus would like to thank Vahagn Vardanyan for reporting the Directory Traversal Vulnerability to cyber-psrt@microfocus.com."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "Directory Traversal"
              }
            ],
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142",
                  "refsource": "CONFIRM",
                  "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-6500",
        "datePublished": "2018-09-20T16:00:00.000Z",
        "dateReserved": "2018-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:42:22.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-6030 (GCVE-0-2015-6030)

    Vulnerability from nvd – Published: 2015-11-04 02:00 – Updated: 2024-08-06 07:06
    VLAI
    Summary
    HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1034073 vdb-entryx_refsource_SECTRACK
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1034072 vdb-entryx_refsource_SECTRACK
    http://www.kb.cert.org/vuls/id/842252 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2015-10-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:06:35.209Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1034073",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034073"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416"
              },
              {
                "name": "1034072",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034072"
              },
              {
                "name": "VU#842252",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/842252"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-05T22:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "1034073",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034073"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416"
            },
            {
              "name": "1034072",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034072"
            },
            {
              "name": "VU#842252",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/842252"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-6030",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1034073",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034073"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416"
                },
                {
                  "name": "1034072",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034072"
                },
                {
                  "name": "VU#842252",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/842252"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-6030",
        "datePublished": "2015-11-04T02:00:00.000Z",
        "dateReserved": "2015-08-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:06:35.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3486 (GCVE-0-2019-3486)

    Vulnerability from cvelistv5 – Published: 2019-07-25 14:30 – Updated: 2024-09-16 22:35
    VLAI
    Title
    ArcSight Security Management Center stored cross site script issue in version prior to 2.9.1
    Summary
    Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1
    CWE
    • stored cross site script
    Assigner
    References
    Impacted products
    Date Public
    2019-05-08 00:00
    Credits
    Special thanks to ING Tech Poland for responsibly disclosing this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.507Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://community.microfocus.com/t5/ArcSight-Management-Center-ArcMC/ArcSight-Management-Center-2-91-Release-Notes/ta-p/1790266?attachment-id=74671"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arcsight Security Management Center",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.9.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks to ING Tech Poland for responsibly disclosing this vulnerability."
            }
          ],
          "datePublic": "2019-05-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "stored cross site script",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:01.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://community.microfocus.com/t5/ArcSight-Management-Center-ArcMC/ArcSight-Management-Center-2-91-Release-Notes/ta-p/1790266?attachment-id=74671"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to ArcSight Security Management Center to version 2.9.1 or later."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ArcSight Security Management Center stored cross site script issue in version prior to 2.9.1",
          "x_generator": {
            "engine": "Vulnogram 0.0.5"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2019-05-08T00:00:00.000Z",
              "ID": "CVE-2019-3486",
              "STATE": "PUBLIC",
              "TITLE": "ArcSight Security Management Center stored cross site script issue in version prior to 2.9.1"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arcsight Security Management Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 2.9.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks to ING Tech Poland for responsibly disclosing this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1"
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.5"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "stored cross site script"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://community.microfocus.com/t5/ArcSight-Management-Center-ArcMC/ArcSight-Management-Center-2-91-Release-Notes/ta-p/1790266?attachment-id=74671",
                  "refsource": "CONFIRM",
                  "url": "https://community.microfocus.com/t5/ArcSight-Management-Center-ArcMC/ArcSight-Management-Center-2-91-Release-Notes/ta-p/1790266?attachment-id=74671"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to ArcSight Security Management Center to version 2.9.1 or later."
              }
            ],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "EXTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-3486",
        "datePublished": "2019-07-25T14:30:16.486Z",
        "dateReserved": "2018-12-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:35:08.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6502 (GCVE-0-2018-6502)

    Vulnerability from cvelistv5 – Published: 2018-09-20 19:00 – Updated: 2024-09-17 04:19
    VLAI
    Title
    MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
    Summary
    A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS).
    CWE
    • Reflected Cross-Site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus ArcSight Management Center Affected: all versions prior to 2.81
    Create a notification for this product.
    Date Public
    2018-09-19 00:00
    Credits
    Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:09.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Management Center",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions prior to 2.81"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com."
            }
          ],
          "datePublic": "2018-09-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS)."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "Reflected Cross-Site Scripting (XSS)"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:37.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2018-09-19T15:45:00.000Z",
              "ID": "CVE-2018-6502",
              "STATE": "PUBLIC",
              "TITLE": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Management Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions prior to 2.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS)."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "Reflected Cross-Site Scripting (XSS)"
              }
            ],
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected Cross-Site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142",
                  "refsource": "CONFIRM",
                  "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-6502",
        "datePublished": "2018-09-20T19:00:00.000Z",
        "dateReserved": "2018-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:19:28.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6503 (GCVE-0-2018-6503)

    Vulnerability from cvelistv5 – Published: 2018-09-20 19:00 – Updated: 2024-09-17 02:06
    VLAI
    Title
    MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
    Summary
    A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls.
    CWE
    • Access Control Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus ArcSight Management Center Affected: all versions prior to 2.81
    Create a notification for this product.
    Date Public
    2018-09-19 00:00
    Credits
    Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:10.037Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Management Center",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions prior to 2.81"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com."
            }
          ],
          "datePublic": "2018-09-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "Access Control Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Access Control Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:03.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2018-09-19T15:50:00.000Z",
              "ID": "CVE-2018-6503",
              "STATE": "PUBLIC",
              "TITLE": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Management Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions prior to 2.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "Access Control Vulnerability"
              }
            ],
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Access Control Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142",
                  "refsource": "CONFIRM",
                  "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-6503",
        "datePublished": "2018-09-20T19:00:00.000Z",
        "dateReserved": "2018-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:06:45.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6505 (GCVE-0-2018-6505)

    Vulnerability from cvelistv5 – Published: 2018-09-20 19:00 – Updated: 2024-09-17 03:59
    VLAI
    Title
    MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
    Summary
    A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.
    CWE
    • Unauthenticated File Download
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus ArcSight Management Center Affected: all versions prior to 2.81
    Create a notification for this product.
    Date Public
    2018-09-19 00:00
    Credits
    Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:10.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Management Center",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions prior to 2.81"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com."
            }
          ],
          "datePublic": "2018-09-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "Unauthenticated File Download"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unauthenticated File Download",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:46.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2018-09-19T16:00:00.000Z",
              "ID": "CVE-2018-6505",
              "STATE": "PUBLIC",
              "TITLE": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Management Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions prior to 2.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "Unauthenticated File Download"
              }
            ],
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unauthenticated File Download"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142",
                  "refsource": "CONFIRM",
                  "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-6505",
        "datePublished": "2018-09-20T19:00:00.000Z",
        "dateReserved": "2018-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:59:35.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6501 (GCVE-0-2018-6501)

    Vulnerability from cvelistv5 – Published: 2018-09-20 16:00 – Updated: 2024-08-05 06:10
    VLAI
    Summary
    Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-09-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:10:10.119Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-09-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:36.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2018-6501",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142",
                  "refsource": "CONFIRM",
                  "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-6501",
        "datePublished": "2018-09-20T16:00:00.000Z",
        "dateReserved": "2018-02-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:10:10.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6500 (GCVE-0-2018-6500)

    Vulnerability from cvelistv5 – Published: 2018-09-20 16:00 – Updated: 2024-09-16 23:42
    VLAI
    Title
    MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
    Summary
    A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal.
    CWE
    • Directory Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus ArcSight Management Center Affected: all versions prior to 2.81
    Create a notification for this product.
    Date Public
    2018-09-19 00:00
    Credits
    Micro Focus would like to thank Vahagn Vardanyan for reporting the Directory Traversal Vulnerability to cyber-psrt@microfocus.com.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:49.348Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ArcSight Management Center",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions prior to 2.81"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Micro Focus would like to thank Vahagn Vardanyan for reporting the Directory Traversal Vulnerability to cyber-psrt@microfocus.com."
            }
          ],
          "datePublic": "2018-09-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "Directory Traversal"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:06.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2018-09-19T15:33:00.000Z",
              "ID": "CVE-2018-6500",
              "STATE": "PUBLIC",
              "TITLE": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ArcSight Management Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions prior to 2.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Micro Focus would like to thank Vahagn Vardanyan for reporting the Directory Traversal Vulnerability to cyber-psrt@microfocus.com."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "Directory Traversal"
              }
            ],
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142",
                  "refsource": "CONFIRM",
                  "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-6500",
        "datePublished": "2018-09-20T16:00:00.000Z",
        "dateReserved": "2018-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:42:22.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-6030 (GCVE-0-2015-6030)

    Vulnerability from cvelistv5 – Published: 2015-11-04 02:00 – Updated: 2024-08-06 07:06
    VLAI
    Summary
    HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1034073 vdb-entryx_refsource_SECTRACK
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1034072 vdb-entryx_refsource_SECTRACK
    http://www.kb.cert.org/vuls/id/842252 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2015-10-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:06:35.209Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1034073",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034073"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416"
              },
              {
                "name": "1034072",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034072"
              },
              {
                "name": "VU#842252",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/842252"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-05T22:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "1034073",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034073"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416"
            },
            {
              "name": "1034072",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034072"
            },
            {
              "name": "VU#842252",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/842252"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-6030",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1034073",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034073"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416"
                },
                {
                  "name": "1034072",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034072"
                },
                {
                  "name": "VU#842252",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/842252"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-6030",
        "datePublished": "2015-11-04T02:00:00.000Z",
        "dateReserved": "2015-08-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:06:35.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }