CVE-2018-6503 — HP Arcsight Management Center vulnerability

3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 50.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Arcsight Management Center Micro Focus Arcsight Management Center

Timeline

PublishedSep 20

Latest updateMay 13

Description

A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDhp/arcsight_management_center< 2.81

▶CVEListV5micro_focus/arcsight_management_centerall versions prior to 2.81

🔴Vulnerability Details

GHSA

GHSA-5m24-r73j-2wrc: A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2↗2022-05-13

▶

CVEList

MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Downl↗2018-09-20

▶