Lucene search

MicrofocusCVELIST:CVE-2019-3486

HistoryJul 25, 2019 - 2:30 p.m.

CVE-2019-3486 ArcSight Security Management Center stored cross site script issue in version prior to 2.9.1

2019-07-2514:30:16

microfocus

www.cve.org

CVSS3

4.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1

CNA Affected

[
  {
    "product": "Arcsight Security Management Center",
    "vendor": "Micro Focus",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.9.1"
      }
    ]
  }
]

References

community.microfocus.com/t5/ArcSight-Management-Center-ArcMC/ArcSight-Management-Center-2-91-Release-Notes/ta-p/1790266?attachment-id=74671

CVSS3

4.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

Related for CVELIST:CVE-2019-3486