CVE-2018-6500 — Path Traversal in HP Arcsight Management Center

CWE-22 — Path Traversal5 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.4%

top 19.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Arcsight Management Center Micro Focus Arcsight Management Center

Timeline

PublishedSep 20

Latest updateMay 13

Description

A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDhp/arcsight_management_center< 2.81

▶CVEListV5micro_focus/arcsight_management_centerall versions prior to 2.81

🔴Vulnerability Details

GHSA

GHSA-wjm3-wvjm-6343: A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2↗2022-05-13

▶

CVEList

MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Downl↗2018-09-20

▶

💥Exploits & PoCs

Exploit-DB

Cisco Adaptive Security Appliance - Path Traversal↗2018-06-28

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2020-6500↗2020-02-04

▶