PT-2019-12458 · Micro Focus · Micro Focus Arcsight Logger

Published

2019-10-04

Updated

2019-10-10

CVE-2019-11655

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Micro Focus ArcSight Logger versions 6.7.0 and later

Description The issue concerns an unrestricted file upload vulnerability. This could allow the upload of files with dangerous types.

Recommendations For Micro Focus ArcSight Logger versions 6.7.0 and later, consider restricting file uploads to only allow safe file types until a patch is available.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2019-11655

Affected Products

Micro Focus Arcsight Logger

PT-2019-12458 · Micro Focus · Micro Focus Arcsight Logger

CVE-2019-11655

Weakness Enumeration

Related Identifiers

Affected Products

References · 3