CVE-2018-6505HP Arcsight Management Center vulnerability

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.9%
top 24.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
HP Arcsight Management CenterMicro Focus Arcsight Management Center
Timeline
PublishedSep 20
Latest updateMay 13

Description

A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5micro_focus/arcsight_management_centerall versions prior to 2.81

🔴Vulnerability Details

2
GHSA
GHSA-ggqr-7299-cxpq: A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 22022-05-13
CVEList
MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Downl2018-09-20
CVE-2018-6505 — HP vulnerability | cvebase