CVE-2019-3481
Description
Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ArcSight Logger prior to 6.7 is vulnerable to XML External Entity (XXE) parsing, potentially leading to information disclosure.
Vulnerability
ArcSight Logger versions prior to 6.7 are vulnerable to XML External Entity (XXE) parsing. The vulnerability resides in the XML parser configuration, allowing external entities to be processed when parsing XML data [1].
Exploitation
An attacker could exploit this issue by delivering a specially crafted XML payload to an affected ArcSight Logger instance. No authentication is required if the service is exposed; an unauthenticated remote attacker can trigger the XXE processing by sending the malicious XML [1].
Impact
Successful exploitation could result in information disclosure, as the XXE vulnerability can be used to read local files on the server or perform server-side request forgery (SSRF) attacks [1].
Mitigation
Micro Focus has addressed this vulnerability in ArcSight Logger version 6.7. Users should upgrade to version 6.7 or later [1]. No workarounds are documented.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <6.7
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- softwaresupport.softwaregrp.com/doc/KM03355866mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.