Platform: other
Component: arcsight-management-center
Fixed in: 3.2.5 P1, 24.2.2
A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in OpenText ArcSight Management Center and ArcSight Platform. This vulnerability allows a remote attacker to inject malicious scripts into web pages viewed by other users. Versions 0 through 24.2.2 are affected. OpenText has released version 24.2.2 to address this security concern.
Successful exploitation of this XSS vulnerability could allow an attacker to execute arbitrary JavaScript code within the context of a victim's browser session. This could lead to the theft of sensitive information, such as session cookies, authentication tokens, or personally identifiable information (PII). An attacker could also potentially redirect users to malicious websites, deface the ArcSight Management Center interface, or perform actions on behalf of the victim user. The impact is amplified if the ArcSight Management Center is used to manage sensitive security data, as an attacker could gain access to critical security logs and alerts.
This vulnerability was published on November 8, 2024. As of this writing, there are no public exploits or active campaigns reported. The vulnerability's severity is pending evaluation. Monitor security advisories and threat intelligence feeds for any updates regarding exploitation attempts.
Exploit Status
EPSS: 0.90% (percentile 76%)
CISA SSVC
The primary mitigation for CVE-2024-9841 is to upgrade to version 24.2.2 or later of OpenText ArcSight Management Center and ArcSight Platform. If immediate upgrading is not possible, consider implementing input validation and output encoding on all user-supplied data to prevent the injection of malicious scripts. Web Application Firewalls (WAFs) configured with appropriate rules can also help to block XSS attacks. Regularly review and update ArcSight Management Center configurations to ensure they adhere to security best practices.
Update OpenText ArcSight Management Center and ArcSight Platform to version 3.2.5 P1 or later, or to version 24.2.2 or later, as applicable. This fixes the XSS vulnerability. Consult the vendor advisory for detailed upgrade instructions.
CVE-2024-9841 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting OpenText ArcSight Management Center and Platform, allowing remote attackers to inject malicious scripts.
You are affected if you are using OpenText ArcSight Management Center or Platform versions 0 through 24.2.2. Upgrade to 24.2.2 or later to mitigate the risk.
The recommended fix is to upgrade to version 24.2.2 or later. As a temporary workaround, implement input validation and output encoding.
As of now, there are no publicly known active exploits or campaigns targeting CVE-2024-9841, but continuous monitoring is advised.
Refer to the OpenText Security Advisory for CVE-2024-9841 on the OpenText Support Portal for detailed information and updates.