CVE-2019-3481XML External Entity (XXE) Injection in HP Arcsight Logger

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.4%
top 37.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
HP Arcsight Logger
Timeline
PublishedMar 25
Latest updateMay 14

Description

Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

CVEListV5hp/arcsight_loggerVersions prior to 6.7

🔴Vulnerability Details

2
GHSA
GHSA-xc72-7fjv-v78h: Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 62022-05-14
CVEList
CVE-2019-3481: Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 62019-03-25
CVE-2019-3481 — XML External Entity (XXE) Injection | cvebase