CVE-2019-11656

Name of the Vulnerable Software and Affected Versions Micro Focus ArcSight Logger versions prior to 6.7.1 HotFix 6.7.1.8262.0

Description The issue is related to a Stored XSS vulnerability, which could allow Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This means an attacker could potentially inject malicious scripts into the web application, affecting users who access the compromised page.

Recommendations For versions prior to 6.7.1 HotFix 6.7.1.8262.0, update to a version that includes the fix, specifically Logger 6.7.1 HotFix 6.7.1.8262.0 or later, to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the web application to minimize the risk of exploitation.