Vuln: Micro Focus ArcSight Logger CVE-2019-3485 HTML Injection Vulnerability



Micro Focus ArcSight Logger is prone an HTML injection vulnerability.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Micro Focus ArcSight Logger versions prior to 6.7.1 are vulnerable.
exploit



Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
solution



Solution:
Updates are available. Please see the references or vendor advisory for more information.

info



Bugtraq ID:109363
Class:Input Validation Error
CVE:CVE-2019-3485
Remote:Yes
Local:No
Published:Jul 24 2019 12:00AM
Updated:Jul 24 2019 12:00AM
Credit:The vendor reported this issue.
Vulnerable:Micro Focus ArcSight Logger 6.7
Micro Focus ArcSight Logger 6.61
Micro Focus ArcSight Logger 6.6
Micro Focus ArcSight Logger 6.5
Micro Focus ArcSight Logger 6.41
Micro Focus ArcSight Logger 6.4
Micro Focus ArcSight Logger 6.31
Micro Focus ArcSight Logger 6.3
Micro Focus ArcSight Logger 6.21
Micro Focus ArcSight Logger 6.11
Micro Focus ArcSight Logger 6.1
Micro Focus ArcSight Logger 6.0
Micro Focus ArcSight Logger 5.5
Micro Focus ArcSight Logger 5.3
Micro Focus ArcSight Logger 5.2
Micro Focus ArcSight Logger 5.1
Micro Focus ArcSight Logger 5.0
Not Vulnerable:Micro Focus ArcSight Logger 6.7.1
references



from SecurityFocus Vulnerabilities https://ift.tt/2GqC3hy