A fix for the vulnerability CVE-2020-11839, found in ArcSight Logger, is now available. Please contact Customer Support to obtain Logger 7.0.1 hotfix CVE-2020-11839. This fix will also be part of the upcoming release of Logger.
CVE-2020-11839: stored XSS
Affected versions: Version 6.6.1 up to 7.0.1
Severity: Medium
CVSS 3.0 Rating: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CWE Reference: 79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Resolution:
Micro Focus recommends applying the hotfix "Logger 7.0.1 hotfix CVE-2020-11839" on ArcSight Logger 7.0.1, in either the software or the appliance form factor. This fix will also be part of the upcoming release of Logger.
Researcher Credit:
For CVE-2020-11839, we would like to give special thanks to ING Tech Poland for responsibly disclosing this vulnerability.
Thank you.