CVE-2019-3482
Description
Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A directory traversal vulnerability in ArcSight Logger versions prior to 6.7 allows an attacker to read arbitrary files on the server.
Vulnerability
A directory traversal vulnerability exists in Micro Focus ArcSight Logger versions prior to 6.7. The issue affects versions 5.0 through 6.61 as listed in the vendor advisory [1]. The vulnerability can be triggered via specially crafted input containing directory traversal sequences that the application does not properly sanitize, allowing access to files outside the intended directory [1].
Exploitation
An attacker with network access to the ArcSight Logger web interface can exploit this vulnerability by sending a carefully crafted HTTP request containing path traversal sequences (e.g., ../). No authentication is required, as the advisory notes this issue alongside remote code execution and information disclosure vulnerabilities [1]. The attacker only needs to be able to send requests to the affected service.
Impact
Successful exploitation allows an attacker to read arbitrary files from the server's filesystem, potentially disclosing sensitive information such as configuration files, credentials, or log data [1]. This is a confidentiality impact with no direct effect on integrity or availability. The advisory includes this as one of several vulnerabilities, so additional exploits (e.g., remote code execution) may also be possible through other means [1].
Mitigation
The vendor has addressed this vulnerability in ArcSight Logger version 6.7. The advisory recommends upgrading to version 6.7 or later [1]. No workarounds are described in the available references. Users should apply the update as soon as possible.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <6.7
Patches
No patches discovered yet.
References
[1] softwaresupport.softwaregrp.com/doc/KM03355866 (mitre, x_refsource_MISC)