9 matches found
CVE-2020-25834
CVE-2020-25834 is a cross-site scripting (XSS) vulnerability impacting Micro Focus ArcSight Logger, primarily affected version 7.1 (some sources mention 7.1.1). The issue could be exploited remotely to trigger XSS in the product. The Red Hat, NVD, and other feeds consistently describe a straightf...
CVE-2020-11851
CVE-2020-11851 affects Micro Focus ArcSight Logger prior to 7.1.1. The connected documents confirm a remote code execution vulnerability in ArcSight Logger, exploitable via the ArcSight Management Center backup/config workflow that uses Tcl/expect scripts, leading to arbitrary code execution on v...
CVE-2023-24470
ArcSight Logger prior to version 7.3.0 is vulnerable to XML External Entity (XXE) injection (CVE-2023-24470). The root cause is XXE in the product’s XML processing, enabling an attacker to potentially access or exfiltrate data via crafted XML. Public advisories confirm fixes in ArcSight Logger 7....
CVE-2020-11860
CVE-2020-11860 is a Cross-Site Scripting vulnerability in Micro Focus ArcSight Logger affecting all versions prior to 7.1.1. The connected documents indicate a remote XSS exposure in ArcSight Logger’s web-facing components, with no detailed exploit steps provided in the sources. The vulnerability...
CVE-2022-26330
CVE-2022-26330 affects Micro Focus ArcSight Logger prior to version 7.2.2. The documented impact is information disclosure and self XSS, with remote exploitation described in multiple sources. The root cause details are not fully enumerated in the provided documents, but the vulnerability targets...
CVE-2022-26331
CVE-2022-26331 affects Micro Focus ArcSight Logger. Vulnerable are ArcSight Logger versions prior to 7.2.2. The issue could be remotely exploited to cause Information Disclosure or Self Cross-Site Scripting (XSS). Root cause details are not specified in the provided documents. Remediation: upgrad...
CVE-2019-11657
Micro Focus ArcSight Logger has a Cross-Site Request Forgery (CSRF) vulnerability affecting all product versions prior to 7.0. The vulnerability arises from a web application that does not adequately validate request origins, enabling CSRF attacks without explicit user interaction in some sources...
CVE-2020-11839
The CVE-2020-11839 entry affects Micro Focus ArcSight Logger, specifically versions 6.6.1 through 7.0.1. The vulnerability is a Cross-Site Scripting (XSS) issue in the web application caused by insufficient validation of client-side data, with potential remote exploitation leading to XSS or infor...
CVE-2023-24469
CVE-2023-24469 affects Micro Focus ArcSight Logger prior to 7.3.0. The vulnerability is a Cross-Site Scripting issue arising in the web interface, with CVSS 3.1 base score 6.1 (Network, Low attack complexity, UI interaction required). Public advisories indicate that Micro Focus released version 7...