Micro Focus ArcSight Management Center vall versions prior to 2.81 - 5 CVEs

CVE-2018-6502

A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS).

MEDIUM CVSS 6.5 Published Sep 20, 2018

CVE-2018-6503

A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls.

MEDIUM CVSS 6.5 Published Sep 20, 2018

CVE-2018-6504

A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF).

HIGH CVSS 8.8 Published Sep 20, 2018

CVE-2018-6505

A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.

HIGH CVSS 7.5 Published Sep 20, 2018

CVE-2018-6500

A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal.