19 matches found
CVE-2019-11656
CVE-2019-11656 is a Stored XSS vulnerability in Micro Focus ArcSight Logger, affecting versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. The issue arises from improper neutralization of input during web page generation, enabling cross-site scripting. Public sources in the connected documents co...
CVE-2019-11655
CVE-2019-11655 affects Micro Focus ArcSight Logger (version 6.7.0 and later). The vulnerability is an Unrestricted Upload of File with Dangerous type due to unrestricted file upload. The connected documents confirm the issue and its association with ArcSight Logger, but do not provide detailed ex...
CVE-2019-3485
CVE-2019-3485 affects ArcSight Logger (Micro Focus) prior to version 6.7.1. The issue is a stored cross-site scripting (XSS) vulnerability in the WEB application, caused by lack of proper validation of client-side data. Impact is described as potential for executing client-side code; the vulnerab...
CVE-2015-6030
HP ArcSight products (ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, ArcSight Connector Appliance 6.4.0.6881.3) are affected by CVE-2015-6030. The root account is used to execute files owned by the arcsight user, which may allow local users who have arcsight credentials to ga...
CVE-2019-3479
CVE-2019-3479 affects Micro Focus ArcSight Logger prior to 6.7, describing an input validation vulnerability that could allow remote code execution. The connected CNVD entry confirms the issue is a remote code execution vulnerability affecting ArcSight Logger versions before 6.7. There are no exp...
CVE-2012-3286
CVE-2012-3286: Unspecified vulnerability in HP ArcSight Connector Appliance ≤6.3 and ArcSight Logger ≤5.2 that could allow remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. HP’s security bulletin SSRT101056/HPSBMU02836 indic...
CVE-2015-2136
HP ArcSight Logger prior to version 6.0 P2 contains CVE-2015-2136: remote authenticated users can bypass the intended authorization policy (noted via the SOAP interface) and perform unauthorized actions. Affected product/version: HP ArcSight Logger before 6.0 P2. Root cause indicated as improper ...
CVE-2012-5199
CVE-2012-5199 affects HP ArcSight Connector Appliance ≤6.3 and ArcSight Logger ≤5.2. Root cause is an unspecified vulnerability that could allow remote authenticated users to execute arbitrary code via unknown vectors. HP’s security bulletin SSRT101056 indicates remediation by updating to ArcSigh...
CVE-2012-5198
HP ArcSight Connector Appliance older than 6.3 and ArcSight Logger older than 5.2 are affected by CVE-2012-5198, a remote information-disclosure vulnerability with unknown vectors. HP's security bulletin HPSBMU02836/SSRT notes remediation: upgrade to ArcSight Connector Appliance 6.4 and ArcSight ...
CVE-2014-7884
CVE-2014-7884 affects HP ArcSight Logger prior to 6.0P1. The Nessus entry and Exploit-DB show an Arbitrary File Upload/Code Execution path due to improper sanitization of uploaded file names in the configuration import feature, allowing an authenticated attacker to upload a server-side script (JS...
CVE-2019-3483
CVE-2019-3483 concerns ArcSight Logger prior to 6.7. The related documents indicate an information-disclosure vulnerability in ArcSight Logger versions before 6.7 and that mitigation exists for those versions. No exploitation details or patch version are explicitly provided in the connected docum...
CVE-2019-3484
The CVE describes a remote code execution vulnerability in Micro Focus ArcSight Logger, affecting versions prior to 6.7. The root cause is an input validation flaw in ArcSight Logger that can be exploited to execute arbitrary code. Affected component is ArcSight Logger’s input handling; impact in...
CVE-2015-6864
HP ArcSight Logger prior to version 6.1P1 is affected by multiple vulnerabilities in the Intellicus and client-certificate upload components, due to improper input validation, enabling remote authenticated execution of arbitrary code. Remediation per the connected Nessus entry is upgrade to 6.1P1...
CVE-2019-3481
CVE-2019-3481 concerns a XML External Entity (XXE) parsing vulnerability in Micro Focus ArcSight Logger prior to version 6.7. The issue stems from insecure XML entity handling in the affected logger, enabling information disclosure or disruption of service as described in CNVD-2019-08313 (and mir...
CVE-2015-6029
HP ArcSight Logger before 6.0 P2 is vulnerable to CVE-2015-6029: the SOAP interface does not limit authentication attempts, enabling remote brute-force access. The HP Security Bulletin (HPSBGN03429) confirms the impact and provides remediation: update to ArcSight Logger v6.0 P2 or later (6.0 P2, ...
CVE-2019-3480
ArcSight Logger prior to version 6.7 is affected by a cross-site scripting vulnerability (stored/reflected XSS). The CNVD entry confirms a XSS issue in ArcSight Logger = 6.7 or applying vendor-provided fixes, as described in the CNVD/CVE references. If applying updates, verify release notes speci...
CVE-2019-3482
The CVE concerns a directory traversal vulnerability in Micro Focus ArcSight Logger before version 6.7. Root cause: improper handling of path input leading to unauthorized information disclosure. Affected product: ArcSight Logger (versions prior to 6.7). Impact: potential disclosure of sensitive ...
CVE-2015-6863
HP ArcSight Logger before 6.1P1 is affected by multiple vulnerabilities in the Intellicus and client-certificate upload components due to improper validation of user-supplied input. This allows a remote attacker to execute arbitrary code. The issues are reported in the context of HP ArcSight Logg...
CVE-2015-5441
CVE-2015-5441 concerns stored XSS in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 (CWE-79). Multiple connected sources (e.g., JVN entries and CNVD/NVD mirrors) describe that an arbitrary script may be executed in a user’s browser due to unsafe handling of input. Affecte...