CVE-2018-6502— MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-6502
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Micro Focus ArcSight Management Center 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Micro Focus ArcSight Management Center(ArcMC)是英国Micro Focus公司的一款通过统一的界面集中管理ArcSight(如HP ArcSight Logger等)部署的安全管理中心。 Micro Focus ArcMC 2.81之前版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Micro Focus | ArcSight Management Center | all versions prior to 2.81 | - |
II. Public POCs for CVE-2018-6502
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-6502
请登录查看更多情报信息。
Same Patch Batch · Micro Focus · 2018-09-20 · 5 CVEs total
| CVE-2018-6500 | MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cro | |
| CVE-2018-6503 | MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cro | |
| CVE-2018-6504 | MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cro | |
| CVE-2018-6505 | MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cro |
IV. Related Vulnerabilities
Same product: ArcSight Management Center
- CVE-2024-9841
OpenText ArcSight Management Center and ArcSight Platform St - CVE-2024-2834
OpenText ArcSight Management Center and ArcSight Platform St - CVE-2020-25835
Micro Focus ArcSight Management Center Remote Vulnerability - CVE-2020-11848
Micro Focus ArcSight Management Center 安全漏洞 - CVE-2018-6503
MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient
Same vendor: Micro Focus
- CVE-2020-25835
Micro Focus ArcSight Management Center Remote Vulnerability - CVE-2023-32265
Mitigations and availability of updates relating to security - CVE-2023-32263
Dimensions CM Plugin for Jenkins 0.8.17 – 0.9.3 - CVE-2023-32262
Dimensions CM Plugin for Jenkins 0.8.17 – 0.9.3 - CVE-2023-32261
Dimensions CM Plugin for Jenkins 0.8.17 – 0.9.3
V. Comments for CVE-2018-6502
No comments yet