Micro Focus Frequent Contributor

ArcSight Logger 7.0.1 hotfix CVE-2020-11839

A fix for the vulnerability CVE-2020-11839, found in ArcSight Logger, is now available. Please contact Customer Support to obtain Logger 7.0.1 hotfix CVE-2020-11839. This fix will also be part of the upcoming release of Logger.


CVE-2020-11839: stored XSS
Affected versions: Version 6.6.1 up to 7.0.1
Severity: Medium
CVSS 3.0 Rating: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CWE Reference: 79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Resolution:
Micro Focus recommends applying the hotfix "Logger 7.0.1 hotfix CVE-2020-11839" on ArcSight Logger 7.01, in either software or appliance form factor. This fix will also be part of the upcoming release of Logger.

Researcher Credit:
For CVE-2020-11839, we would like to give a special thanks to ING Tech Poland, for responsibly disclosing this vulnerability.

Thank you.

Commodore

Has anyone experienced any issues with installing this Hotfix to Logger 7.0.1?

Thanks,

Eric

Commodore

My sample size is 1 L7600 Appliance Logger, so not much of a pattern. The hotfix installed successfully but took about twice as long as expected based upon past experiences with Logger updates. I've seen this happen before and not be consistent between all our devices of the same type.
