HP Arcsight Multiple Products HTML Injection Vulnerability
14 Aug. 2012
Summary
Multiple HP Arcsight products are prone to an HTML-injection vulnerability because they fail to sufficiently sanitize user-supplied input.
Credit:
The original article can be found at: http://www.securityfocus.com/bid/54824
The information has been provided by Michael Rutkowski of Duer Advanced Technology and Aerospace.
Vulnerable Systems:
An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected websites. This may allow the attacker to steal cookie-based authentication credentials or control how the websites are rendered to the user. Other attacks are also possible.
The following products are vulnerable:
Arcsight Connector Appliance 6.2.0.6244.0
Arcsight Logger Appliance 5.2.0.6288.0
Vendor Status:
Vendor has issued an updated vulnerability.