Arcsight Management Center
CVE-2024-9841
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (opentext) · only source for this CVE.
CVSS VectorVendor: opentext
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.
AnalysisAI
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited. Affected products include: Microfocus Arcsight Management Center, Microfocus Arcsight Platform.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Arcsight Management Center
View allA potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. Rated high severity
A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in
Denial of service vulnerability on Micro Focus ArcSight Management Center. Rated high severity (CVSS 7.5), this vulnerab
A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all
A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use
A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior
Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcM
Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1. Rated medi
A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Cente
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.
Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today