CVE-2019-3479

Vulnerability

A remote code execution vulnerability exists in Micro Focus ArcSight Logger versions prior to 6.7 [1]. The issue is present in all listed versions from 5.0 through 6.61 [1]. The specific nature of the vulnerability is not detailed in the available references but is associated with multiple potential impacts including remote code execution [1].

Exploitation

The available references do not specify the required attacker position, authentication level, or sequence of steps needed to trigger this vulnerability [1]. Based on the advisory classification as a remote code execution issue, it likely requires network access to an affected service, but no further exploitation details are disclosed in the cited bulletin [1].

Impact

Successful exploitation could lead to remote code execution on the affected ArcSight Logger system [1]. The advisory groups this vulnerability with others that also enable stored/reflected XSS, XML External Entity parsing, directory traversal, and information disclosure, indicating a broad potential impact on confidentiality, integrity, and availability [1].

Mitigation

Micro Focus released ArcSight Logger version 6.7 to address this vulnerability [1]. Users should upgrade to version 6.7 or later. No workaround is currently available from the references [1]. Micro Focus released this advisory on March 11, 2019 [1].