CVE-2019-3483

Vulnerability

An information leakage vulnerability exists in Micro Focus ArcSight Logger versions prior to 6.7. The issue affects all versions from 5.0 through 6.61, as listed in the vendor security bulletin [1]. The exact component or code path is not disclosed, but the vulnerability allows unintended disclosure of information.

Exploitation

An attacker with network access to the ArcSight Logger instance may be able to exploit this vulnerability. No authentication is explicitly required, and the exploitation steps are not detailed in the available references. The vulnerability could potentially be triggered by sending specially crafted requests or by leveraging other weaknesses in the product.

Impact

Successful exploitation results in the leakage of sensitive information. This could include log data, configuration details, or other confidential information processed by the Logger. The impact is limited to information disclosure; no remote code execution or privilege escalation is associated with this specific CVE.

Mitigation

The vulnerability is fixed in ArcSight Logger version 6.7. Users should upgrade to version 6.7 or later to remediate the issue. No workarounds are provided in the bulletin. The CVE is not listed in the Known Exploited Vulnerabilities (KEV) catalog as of the publication date.