Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for ArcSight Platform by OpenText
CVE-2024-9841 (GCVE-0-2024-9841)
Vulnerability from cvelistv5 – Published: 2024-11-08 17:58 – Updated: 2024-11-08 21:12
VLAI
Title
OpenText ArcSight Management Center and ArcSight Platform Stored XSS
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.microfocus.com/s/article/KM000035977 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | ArcSight Management Center |
Affected:
0 , < 3.2.5 P1
(custom)
|
|
| OpenText | ArcSight Platform |
Affected:
0 , < 24.2.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T21:12:30.732319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:12:48.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArcSight Management Center",
"vendor": "OpenText",
"versions": [
{
"lessThan": "3.2.5 P1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ArcSight Platform",
"vendor": "OpenText",
"versions": [
{
"lessThan": "24.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"value": "A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T17:58:53.697Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000035977"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenText ArcSight Management Center and ArcSight Platform Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-9841",
"datePublished": "2024-11-08T17:58:53.697Z",
"dateReserved": "2024-10-10T20:53:57.733Z",
"dateUpdated": "2024-11-08T21:12:48.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2835 (GCVE-0-2024-2835)
Vulnerability from cvelistv5 – Published: 2024-05-20 13:10 – Updated: 2024-08-01 19:25
VLAI
Title
OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS
Summary
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.
Severity
8.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.microfocus.com/s/article/KM000029773 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | ArcSight Enterprise Security Manager |
Affected:
0 , < 7.6.6
(custom)
Affected: 7.7.0 , < 7.7.1 (custom) |
|
| OpenText | ArcSight Platform |
Affected:
24.1.0 , < 24.1.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:45:00.389231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:30:45.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000029773"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArcSight Enterprise Security Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "7.6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.7.1",
"status": "affected",
"version": "7.7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ArcSight Platform",
"vendor": "OpenText",
"versions": [
{
"lessThan": "24.1.3",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"value": "A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-20T13:10:08.716Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000029773"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-2835",
"datePublished": "2024-05-20T13:10:08.716Z",
"dateReserved": "2024-03-22T17:31:30.222Z",
"dateUpdated": "2024-08-01T19:25:41.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3482 (GCVE-0-2024-3482)
Vulnerability from cvelistv5 – Published: 2024-05-20 13:09 – Updated: 2024-08-01 20:12
VLAI
Title
OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS
Summary
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.
Severity
8.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.microfocus.com/s/article/KM000029773 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | ArcSight Enterprise Security Manager |
Affected:
0 , < 7.6.6
(custom)
Affected: 7.7.0 , < 7.7.1 (custom) |
|
| OpenText | ArcSight Platform |
Affected:
24.1.0 , < 24.1.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:29:18.374154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:32.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000029773"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArcSight Enterprise Security Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "7.6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.7.1",
"status": "affected",
"version": "7.7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ArcSight Platform",
"vendor": "OpenText",
"versions": [
{
"lessThan": "24.1.3",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"value": "A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-20T13:09:55.369Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000029773"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-3482",
"datePublished": "2024-05-20T13:09:55.369Z",
"dateReserved": "2024-04-08T19:14:39.805Z",
"dateUpdated": "2024-08-01T20:12:07.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2834 (GCVE-0-2024-2834)
Vulnerability from cvelistv5 – Published: 2024-04-08 12:22 – Updated: 2024-08-29 19:12
VLAI
Title
OpenText ArcSight Management Center and ArcSight Platform Stored XSS
Summary
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.
Severity
8.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.microfocus.com/s/article/KM000028275 | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | ArcSight Management Center |
Affected:
0 , < 3.2.2 P1
(custom)
Affected: 3.2.3 , < 3.2.3 P1 (custom) |
|
| OpenText | ArcSight Platform |
Affected:
0 , < 23.3.2
(custom)
Affected: 24.1.0 , < 24.1.2 (custom) |
|
| microfocus | arcsight_management_center |
Affected:
0 , < 3.2.2P1
(custom)
Affected: 3.2.3 , < 3.2.3P1 (custom) cpe:2.3:a:microfocus:arcsight_management_center:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:42.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000028275"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:microfocus:arcsight_management_center:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arcsight_management_center",
"vendor": "microfocus",
"versions": [
{
"lessThan": "3.2.2P1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.2.3P1",
"status": "affected",
"version": "3.2.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T15:28:25.703456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:12:40.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArcSight Management Center",
"vendor": "OpenText",
"versions": [
{
"lessThan": "3.2.2 P1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.2.3 P1",
"status": "affected",
"version": "3.2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ArcSight Platform",
"vendor": "OpenText",
"versions": [
{
"lessThan": "23.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "24.1.2",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"value": "A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T12:22:49.221Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000028275"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenText ArcSight Management Center and ArcSight Platform Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-2834",
"datePublished": "2024-04-08T12:22:49.221Z",
"dateReserved": "2024-03-22T17:31:18.131Z",
"dateUpdated": "2024-08-29T19:12:40.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1811 (GCVE-0-2024-1811)
Vulnerability from cvelistv5 – Published: 2024-03-20 12:38 – Updated: 2025-03-20 14:27
VLAI
Title
OpenText ArcSight Platform Remote Vulnerability
Summary
A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Remote Vulnerability
- CWE-noinfo Not enough information
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | ArcSight Platform |
Affected:
23.2.0 , < 23.2.1
(custom)
Affected: 23.3.0 , < 23.3.1 (custom) Affected: 24.1.0 , < 24.1.1 (custom) |
|
| opentext | arcsight_platform |
Affected:
23.2.0 , < 23.2.1
(custom)
Affected: 23.3.0 , < 23.3.1 (custom) Affected: 24.1.0 , < 24.1.1 (custom) cpe:2.3:a:opentext:arcsight_platform:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:arcsight_platform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arcsight_platform",
"vendor": "opentext",
"versions": [
{
"lessThan": "23.2.1",
"status": "affected",
"version": "23.2.0",
"versionType": "custom"
},
{
"lessThan": "23.3.1",
"status": "affected",
"version": "23.3.0",
"versionType": "custom"
},
{
"lessThan": "24.1.1",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-21T15:17:38.045549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T14:27:27.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:22.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000027383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArcSight Platform",
"vendor": "OpenText",
"versions": [
{
"lessThan": "23.2.1",
"status": "affected",
"version": "23.2.0",
"versionType": "custom"
},
{
"lessThan": "23.3.1",
"status": "affected",
"version": "23.3.0",
"versionType": "custom"
},
{
"lessThan": "24.1.1",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"value": "A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Remote Vulnerability"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T12:38:40.702Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000027383"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenText ArcSight Platform Remote Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-1811",
"datePublished": "2024-03-20T12:38:40.702Z",
"dateReserved": "2024-02-22T22:38:43.566Z",
"dateUpdated": "2025-03-20T14:27:27.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9841 (GCVE-0-2024-9841)
Vulnerability from nvd – Published: 2024-11-08 17:58 – Updated: 2024-11-08 21:12
VLAI
Title
OpenText ArcSight Management Center and ArcSight Platform Stored XSS
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.microfocus.com/s/article/KM000035977 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | ArcSight Management Center |
Affected:
0 , < 3.2.5 P1
(custom)
|
|
| OpenText | ArcSight Platform |
Affected:
0 , < 24.2.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T21:12:30.732319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:12:48.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArcSight Management Center",
"vendor": "OpenText",
"versions": [
{
"lessThan": "3.2.5 P1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ArcSight Platform",
"vendor": "OpenText",
"versions": [
{
"lessThan": "24.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"value": "A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T17:58:53.697Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000035977"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenText ArcSight Management Center and ArcSight Platform Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-9841",
"datePublished": "2024-11-08T17:58:53.697Z",
"dateReserved": "2024-10-10T20:53:57.733Z",
"dateUpdated": "2024-11-08T21:12:48.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2835 (GCVE-0-2024-2835)
Vulnerability from nvd – Published: 2024-05-20 13:10 – Updated: 2024-08-01 19:25
VLAI
Title
OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS
Summary
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.
Severity
8.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.microfocus.com/s/article/KM000029773 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | ArcSight Enterprise Security Manager |
Affected:
0 , < 7.6.6
(custom)
Affected: 7.7.0 , < 7.7.1 (custom) |
|
| OpenText | ArcSight Platform |
Affected:
24.1.0 , < 24.1.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:45:00.389231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:30:45.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000029773"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArcSight Enterprise Security Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "7.6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.7.1",
"status": "affected",
"version": "7.7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ArcSight Platform",
"vendor": "OpenText",
"versions": [
{
"lessThan": "24.1.3",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"value": "A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-20T13:10:08.716Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000029773"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-2835",
"datePublished": "2024-05-20T13:10:08.716Z",
"dateReserved": "2024-03-22T17:31:30.222Z",
"dateUpdated": "2024-08-01T19:25:41.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3482 (GCVE-0-2024-3482)
Vulnerability from nvd – Published: 2024-05-20 13:09 – Updated: 2024-08-01 20:12
VLAI
Title
OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS
Summary
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.
Severity
8.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.microfocus.com/s/article/KM000029773 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | ArcSight Enterprise Security Manager |
Affected:
0 , < 7.6.6
(custom)
Affected: 7.7.0 , < 7.7.1 (custom) |
|
| OpenText | ArcSight Platform |
Affected:
24.1.0 , < 24.1.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:29:18.374154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:32.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000029773"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArcSight Enterprise Security Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "7.6.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.7.1",
"status": "affected",
"version": "7.7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ArcSight Platform",
"vendor": "OpenText",
"versions": [
{
"lessThan": "24.1.3",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"value": "A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-20T13:09:55.369Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000029773"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-3482",
"datePublished": "2024-05-20T13:09:55.369Z",
"dateReserved": "2024-04-08T19:14:39.805Z",
"dateUpdated": "2024-08-01T20:12:07.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2834 (GCVE-0-2024-2834)
Vulnerability from nvd – Published: 2024-04-08 12:22 – Updated: 2024-08-29 19:12
VLAI
Title
OpenText ArcSight Management Center and ArcSight Platform Stored XSS
Summary
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.
Severity
8.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.microfocus.com/s/article/KM000028275 | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | ArcSight Management Center |
Affected:
0 , < 3.2.2 P1
(custom)
Affected: 3.2.3 , < 3.2.3 P1 (custom) |
|
| OpenText | ArcSight Platform |
Affected:
0 , < 23.3.2
(custom)
Affected: 24.1.0 , < 24.1.2 (custom) |
|
| microfocus | arcsight_management_center |
Affected:
0 , < 3.2.2P1
(custom)
Affected: 3.2.3 , < 3.2.3P1 (custom) cpe:2.3:a:microfocus:arcsight_management_center:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:42.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000028275"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:microfocus:arcsight_management_center:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arcsight_management_center",
"vendor": "microfocus",
"versions": [
{
"lessThan": "3.2.2P1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.2.3P1",
"status": "affected",
"version": "3.2.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T15:28:25.703456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T19:12:40.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArcSight Management Center",
"vendor": "OpenText",
"versions": [
{
"lessThan": "3.2.2 P1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.2.3 P1",
"status": "affected",
"version": "3.2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ArcSight Platform",
"vendor": "OpenText",
"versions": [
{
"lessThan": "23.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "24.1.2",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"value": "A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T12:22:49.221Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000028275"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenText ArcSight Management Center and ArcSight Platform Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-2834",
"datePublished": "2024-04-08T12:22:49.221Z",
"dateReserved": "2024-03-22T17:31:18.131Z",
"dateUpdated": "2024-08-29T19:12:40.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1811 (GCVE-0-2024-1811)
Vulnerability from nvd – Published: 2024-03-20 12:38 – Updated: 2025-03-20 14:27
VLAI
Title
OpenText ArcSight Platform Remote Vulnerability
Summary
A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Remote Vulnerability
- CWE-noinfo Not enough information
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | ArcSight Platform |
Affected:
23.2.0 , < 23.2.1
(custom)
Affected: 23.3.0 , < 23.3.1 (custom) Affected: 24.1.0 , < 24.1.1 (custom) |
|
| opentext | arcsight_platform |
Affected:
23.2.0 , < 23.2.1
(custom)
Affected: 23.3.0 , < 23.3.1 (custom) Affected: 24.1.0 , < 24.1.1 (custom) cpe:2.3:a:opentext:arcsight_platform:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:arcsight_platform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arcsight_platform",
"vendor": "opentext",
"versions": [
{
"lessThan": "23.2.1",
"status": "affected",
"version": "23.2.0",
"versionType": "custom"
},
{
"lessThan": "23.3.1",
"status": "affected",
"version": "23.3.0",
"versionType": "custom"
},
{
"lessThan": "24.1.1",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-21T15:17:38.045549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T14:27:27.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:22.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000027383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArcSight Platform",
"vendor": "OpenText",
"versions": [
{
"lessThan": "23.2.1",
"status": "affected",
"version": "23.2.0",
"versionType": "custom"
},
{
"lessThan": "23.3.1",
"status": "affected",
"version": "23.3.0",
"versionType": "custom"
},
{
"lessThan": "24.1.1",
"status": "affected",
"version": "24.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"value": "A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Remote Vulnerability"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T12:38:40.702Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000027383"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenText ArcSight Platform Remote Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-1811",
"datePublished": "2024-03-20T12:38:40.702Z",
"dateReserved": "2024-02-22T22:38:43.566Z",
"dateUpdated": "2025-03-20T14:27:27.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}