Vuln: Micro Focus ArcSight Logger CVE-2019-3485 HTML Injection Vulnerability

Micro Focus ArcSight Logger is prone an HTML injection vulnerability.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Micro Focus ArcSight Logger versions prior to 6.7.1 are vulnerable.

exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

solution

Solution:
Updates are available. Please see the references or vendor advisory for more information.

info

Bugtraq ID:	109363
Class:	Input Validation Error
CVE:	CVE-2019-3485
Remote:	Yes
Local:	No
Published:	Jul 24 2019 12:00AM
Updated:	Jul 24 2019 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Micro Focus ArcSight Logger 6.7 Micro Focus ArcSight Logger 6.61 Micro Focus ArcSight Logger 6.6 Micro Focus ArcSight Logger 6.5 Micro Focus ArcSight Logger 6.41 Micro Focus ArcSight Logger 6.4 Micro Focus ArcSight Logger 6.31 Micro Focus ArcSight Logger 6.3 Micro Focus ArcSight Logger 6.21 Micro Focus ArcSight Logger 6.11 Micro Focus ArcSight Logger 6.1 Micro Focus ArcSight Logger 6.0 Micro Focus ArcSight Logger 5.5 Micro Focus ArcSight Logger 5.3 Micro Focus ArcSight Logger 5.2 Micro Focus ArcSight Logger 5.1 Micro Focus ArcSight Logger 5.0
Not Vulnerable:	Micro Focus ArcSight Logger 6.7.1

references

References:

• Micro Focus Home Page (Micro Focus)
  
• Micro Focus Logger Product Page (Micro Focus)
  
• Logger Release Notes 6.71 ()
  

from SecurityFocus Vulnerabilities https://ift.tt/2GqC3hy