VYPR
Unrated severity · NVD Advisory · Published Jun 13, 2023 · Updated Jan 3, 2025

CVE-2023-24469

Description

Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stored cross-site scripting (XSS) vulnerability in ArcSight Logger versions prior to 7.3.0 allows remote attackers to inject arbitrary web scripts or HTML.

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in Micro Focus ArcSight Logger versions prior to 7.3.0. The issue is present in the application's handling of certain user-controlled input, allowing arbitrary script or HTML content to be stored and later executed in the context of the victim's browser session [1].

Exploitation

An attacker must have access to a feature that accepts and stores unsanitized input, such as search queries, usernames, or email addresses, and a victim must view the page containing the stored data. No special network position is required beyond standard web access; the attack is triggered when the victim's browser renders the malicious content [1].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript or HTML in the victim's browser session. This can lead to theft of session cookies, redirection to malicious sites, or other actions that compromise the confidentiality and integrity of the user's interaction with the Logger web interface [1].

Mitigation

The vulnerability is fixed in ArcSight Logger version 7.3.0, released on or around June 13, 2023 [1]. Users must upgrade to version 7.3.0 or later. No workarounds have been provided in the available references. The issue is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the report date.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

3
