Lucene search

MicrofocusCVELIST:CVE-2018-6505

HistorySep 20, 2018 - 7:00 p.m.

CVE-2018-6505 MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability

2018-09-2019:00:00

microfocus

www.cve.org

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

49.4%

JSON

A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.

CNA Affected

[
  {
    "product": "ArcSight Management Center",
    "vendor": "Micro Focus",
    "versions": [
      {
        "status": "affected",
        "version": "all versions prior to 2.81"
      }
    ]
  }
]

References

softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

49.4%

JSON

Related for CVELIST:CVE-2018-6505