CVE-2020-11851Code Injection in Arcsight Logger

CWE-94Code Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
3.9%
top 11.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microfocus Arcsight LoggerMicro Focus Arcsight Logger
Timeline
PublishedNov 17
Latest updateMay 24

Description

Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5micro_focus/arcsight_loggerAll version prior to version 7.1.1

🔴Vulnerability Details

2
GHSA
GHSA-5xg8-q2v8-w6f8: Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 72022-05-24
CVEList
CVE-2020-11851: Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 72020-11-17
CVE-2020-11851 — Code Injection in Arcsight Logger | cvebase