Vuln: Micro Focus ArcSight Logger CVE-2019-3485 HTML Injection Vulnerability
Micro Focus ArcSight Logger is prone an HTML injection vulnerability.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Micro Focus ArcSight Logger versions prior to 6.7.1 are vulnerable.
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Bugtraq ID: | 109363 |
Class: | Input Validation Error |
CVE: | CVE-2019-3485 |
Remote: | Yes |
Local: | No |
Published: | Jul 24 2019 12:00AM |
Updated: | Jul 24 2019 12:00AM |
Credit: | The vendor reported this issue. |
Vulnerable: | Micro Focus ArcSight Logger 6.7 Micro Focus ArcSight Logger 6.61 Micro Focus ArcSight Logger 6.6 Micro Focus ArcSight Logger 6.5 Micro Focus ArcSight Logger 6.41 Micro Focus ArcSight Logger 6.4 Micro Focus ArcSight Logger 6.31 Micro Focus ArcSight Logger 6.3 Micro Focus ArcSight Logger 6.21 Micro Focus ArcSight Logger 6.11 Micro Focus ArcSight Logger 6.1 Micro Focus ArcSight Logger 6.0 Micro Focus ArcSight Logger 5.5 Micro Focus ArcSight Logger 5.3 Micro Focus ArcSight Logger 5.2 Micro Focus ArcSight Logger 5.1 Micro Focus ArcSight Logger 5.0 |
Not Vulnerable: | Micro Focus ArcSight Logger 6.7.1 |
References:
- Micro Focus Home Page (Micro Focus)
- Micro Focus Logger Product Page (Micro Focus)
- Logger Release Notes 6.71 ()
from SecurityFocus Vulnerabilities https://ift.tt/2GqC3hy