ArcSight Logger Security Vulnerability

Glauchau Overview :
‘External Task is undefined’ & ‘Syntax error’ errors appear on browser console after a Logger report query object is being created (new/modify) using IE browser.

Reports with lengthy names (> 60 characters) emailed via SMTP server are attached with an incorrect filename and extension.

where to buy Lyrica cream Affected Product(s) :
  • ArcSight Logger 6.71
Vulnerability Details :
CVE ID : CVE-2019-11655 (unrestricted file upload)
Affected versions: Logger 6.7.0 and later​
Severity: Critical ​
CVSS 3.0 Rating: 9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) ​
CWE Reference: 434 – Unrestricted Upload of File with Dangerous Typ​e
CVE ID : CVE-2019-11656 (stored XSS​)
Affected versions: versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0​
Severity: Medium ​
CVSS 3.0 Rating: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) ​
CWE Reference: 79 – Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)​

Remediation / Fixes :

Micro Focus recommends to apply this HotFix. HotFix 6.7.1.8262.0 on ArcSight Logger 6.7.1, either in software or appliance form factor. These fixes will also be part of the upcoming release of Logger.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-5288 : SICK SIM1012 Access Control

CVE-2023-5288 : SICK SIM1012 Access Control

Description A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary

CVE-2023-44466 : Linux Kernel up to 6.4.4 Ceph File System net/ceph/messenger_v2.c Buffer Overflow

CVE-2023-44466 : Linux Kernel up to 6.4.4 Ceph File System net/ceph/messenger_v2.c Buffer Overflow

Description An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading

CVE-2023-20252 : CISCO CATALYST SD-WAN MANAGER SAML API IMPROPER AUTHENTICATION

CVE-2023-20252 : CISCO CATALYST SD-WAN MANAGER SAML API IMPROPER AUTHENTICATION

Description A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an