JVNDB-2015-005909

[Japanese]
JVNDB-2015-005909
ArcSight Management Center and ArcSight Logger vulnerable to cross-site scripting
Overview
ArcSight Management Center and ArcSight Logger from Hewlett-Packard Development Company L.P. contain a stored cross-site scripting vulnerability (CWE-79). Mukai Akihito reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 5.0 (Medium) [IPA Score] Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

Hewlett-Packard Development Company, L.P HP ArcSight Logger versions prior to v6.1 HP ArcSight Management Center versions prior to v2.1

Impact
An arbitrary script may be executed on the user's web browser.
Solution
[Update the Software] Update to the latest version according to the information provided by the vendor.
Vendor Information
Hewlett-Packard Development Company, L.P Hewlett-Packard Development Company, L.P. : HPSBGN03507 rev.2 - HP Arcsight Management Center, Arcsight Logger, Remote Cross-Site Scripting (XSS)
CWE (What is CWE?)
Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)
CVE-2015-5441
References
JVN : JVN#51046809 National Vulnerability Database (NVD) : CVE-2015-5441
Revision History
[2015/11/20] Web page was published

ArcSight Management Center and ArcSight Logger vulnerable to cross-site scripting