Lucene search

MicrofocusCVELIST:CVE-2018-6503

HistorySep 20, 2018 - 7:00 p.m.

CVE-2018-6503 MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability

2018-09-2019:00:00

microfocus

www.cve.org

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

25.4%

JSON

A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls.

CNA Affected

[
  {
    "product": "ArcSight Management Center",
    "vendor": "Micro Focus",
    "versions": [
      {
        "status": "affected",
        "version": "all versions prior to 2.81"
      }
    ]
  }
]

References

softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

25.4%

JSON

Related for CVELIST:CVE-2018-6503