Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:122054
HistoryJul 15, 2011 - 12:00 a.m.

HP ArcSight Connector Appliance XSS vulnerability

2011-07-1500:00:00
www.kb.cert.org
22

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.018 Low

EPSS

Percentile

88.3%

JSON

Overview

ArcSight Connector Appliance v6.0.0.60023.2, and possibly previous versions, contains a module which is vulnerable to cross site scripting (XSS).

Description

Windows Event Log SmartConnector, a component of ArcSight Connector Appliance v6.0.0.60023.2 does not sanitize all input fields. As a result, cross site scripting (XSS) attacks can be conducted. An exportable report from the Windows Event Log SmartConnector for table parameters contains a drop-down selection field for “Microsoft OS Version”. In some cases, this exported report is world-writeable with a default name. In the exported file an attacker can inject javascript code that will be run after the file is imported and the table parameters section is accessed for editing again.

For example, the following javascript code can be injected into the “Windows XP” variable of the exported file:

,"Windows XP<script> alert('XSS')</script>","en_US"

Impact

An attacker with access to the ArcSight Connector Appliance can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.

Solution

Apply an Update
ArcSight Connector Appliance version 6.1 addresses this vulnerability.

Vendor Information

122054

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Hewlett-Packard Company Affected

Notified: April 29, 2011 Updated: June 28, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Michael Rutkowski of Duer Advanced Technology and Aerospace, Inc (DATA) for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2011-0770
Severity Metric: 4.59 Date Public:

Related

prion 2
cvelist 2
cve 2
nvd 2
prion
prion
Cross site scripting
2011-07-19 20:55:00
Design/Logic Flaw
2011-07-19 21:55:00
cvelist
cvelist
CVE-2011-0770
2011-07-19 20:00:00
CVE-2011-2779
2011-07-19 21:00:00
cve
cve
CVE-2011-0770
2011-07-19 20:55:00
CVE-2011-2779
2011-07-19 21:55:00
nvd
nvd
CVE-2011-0770
2011-07-19 20:55:00
CVE-2011-2779
2011-07-19 21:55:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.018 Low

EPSS

Percentile

88.3%

JSON
Related for VU:122054
prion2cvelist2cve2nvd2