CVE-2024-2834Cross-site Scripting in Arcsight Management Center

CWE-79Cross-site ScriptingCWE-99Resource Injection4 documents4 sources
Severity
8.7HIGHNVD
EPSS
0.1%
top 71.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Opentext Arcsight Management CenterOpentext Arcsight Platform
Timeline
PublishedApr 8
Latest updateAug 26

Description

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:NExploitability: 2.3 | Impact: 5.8

Affected Packages2 packages

CVEListV5opentext/arcsight_management_center3.2.33.2.3 P1+1
CVEListV5opentext/arcsight_platform24.1.024.1.2+1

🔴Vulnerability Details

2
GHSA
GHSA-f9h9-2656-9px8: A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform2024-04-08
CVEList
OpenText ArcSight Management Center and ArcSight Platform Stored XSS2024-04-08

📋Vendor Advisories

1
Red Hat
kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC2024-08-26
CVE-2024-2834 — Cross-site Scripting | cvebase