Lucene search

[email protected]CVE-2019-3481

HistoryMar 25, 2019 - 5:29 p.m.

CVE-2019-3481

2019-03-2517:29:00

CWE-611

[email protected]

web.nvd.nist.gov

cve-2019-3481

mitigation

xml

external entity parsing

arcsight logger

nvd

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:C/I:N/A:P

0.001 Low

EPSS

Percentile

39.4%

JSON

Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7.

CPENameOperatorVersion
hp:arcsight_loggerhp arcsight loggerlt6.7

CPE	Name	Operator	Version
hp:arcsight_logger	hp arcsight logger	lt	6.7

References

softwaresupport.softwaregrp.com/doc/KM03355866

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:C/I:N/A:P

0.001 Low

EPSS

Percentile

39.4%

JSON

Related for CVE-2019-3481

cvelist1 prion1