CVE-2022-26330 - OpenCVE

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microfocus	Arcsight Logger

Configuration 1 [-]

cpe:2.3:a:microfocus:arcsight_logger:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://portal.microfocus.com/s/article/KM000010167?language=en_US
https://www.microfocus.com/support/downloads/

History

No history.

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2022-08-31T15:52:15

Updated: 2024-08-03T05:03:31.777Z

Reserved: 2022-02-28T00:00:00

Link: CVE-2022-26330

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-31T16:15:10.237

Modified: 2023-11-07T03:44:57.757

Link: CVE-2022-26330

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Micro Focus ArcSight Logger", "vendor": "Micro Focus", "versions": [{"lessThan": "v7.2.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Micro Focus would like to give a special thanks to Michal Skowron for responsibly disclosing those vulnerabilities."}], "descriptions": [{"lang": "en", "value": "Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-07T20:15:58", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.microfocus.com/support/downloads/"}, {"tags": ["x_refsource_MISC"], "url": "https://portal.microfocus.com/s/article/KM000010167?language=en_US"}], "solutions": [{"lang": "en", "value": "Micro Focus has made the following mitigation information available to resolve the vulnerabilities for the impacted versions of ArcSight Logger:\n\u2022\tLogger 7.2.2 https://www.microfocus.com/support/downloads/\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Potential vulnerability has been identified in Micro Focus ArcSight Logger. The vulnerability could be remotely exploited resulting in Information Disclosure.", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2022-26330", "STATE": "PUBLIC", "TITLE": "Potential vulnerability has been identified in Micro Focus ArcSight Logger. The vulnerability could be remotely exploited resulting in Information Disclosure."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Micro Focus ArcSight Logger", "version": {"version_data": [{"version_affected": "<", "version_value": "v7.2.2"}]}}]}, "vendor_name": "Micro Focus"}]}}, "credit": [{"lang": "eng", "value": "Micro Focus would like to give a special thanks to Michal Skowron for responsibly disclosing those vulnerabilities."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://www.microfocus.com/support/downloads/", "refsource": "MISC", "url": "https://www.microfocus.com/support/downloads/"}, {"name": "https://portal.microfocus.com/s/article/KM000010167?language=en_US", "refsource": "MISC", "url": "https://portal.microfocus.com/s/article/KM000010167?language=en_US"}]}, "solution": [{"lang": "en", "value": "Micro Focus has made the following mitigation information available to resolve the vulnerabilities for the impacted versions of ArcSight Logger:\n\u2022\tLogger 7.2.2 https://www.microfocus.com/support/downloads/\n"}], "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:03:31.777Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.microfocus.com/support/downloads/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.microfocus.com/s/article/KM000010167?language=en_US"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2022-26330", "datePublished": "2022-08-31T15:52:15", "dateReserved": "2022-02-28T00:00:00", "dateUpdated": "2024-08-03T05:03:31.777Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:arcsight_logger:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E99C813-D5CB-40D8-AA6F-7BF5454BBB28", "versionEndExcluding": "7.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions."}, {"lang": "es", "value": "Se han identificado posibles vulnerabilidades en Micro Focus ArcSight Logger. Las vulnerabilidades podr\u00edan explotarse de forma remota, resultando en una Divulgaci\u00f3n de Informaci\u00f3n o ataques de tipo Cross-Site Scripting (XSS) propios. Este problema afecta a: Micro Focus ArcSight Logger versiones anteriores a v7.2.2 y versiones anteriores"}], "id": "CVE-2022-26330", "lastModified": "2023-11-07T03:44:57.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2022-08-31T16:15:10.237", "references": [{"source": "security@opentext.com", "url": "https://portal.microfocus.com/s/article/KM000010167?language=en_US"}, {"source": "security@opentext.com", "url": "https://www.microfocus.com/support/downloads/"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}