Overview
ArcSight Connector Appliance v6.0.0.60023.2, and possibly previous versions, contains a module which is vulnerable to cross site scripting (XSS).
Description
Windows Event Log SmartConnector, a component of ArcSight Connector Appliance v6.0.0.60023.2 does not sanitize all input fields. As a result, cross site scripting (XSS) attacks can be conducted. An exportable report from the Windows Event Log SmartConnector for table parameters contains a drop-down selection field for "Microsoft OS Version". In some cases, this exported report is world-writeable with a default name. In the exported file an attacker can inject javascript code that will be run after the file is imported and the table parameters section is accessed for editing again. For example, the following javascript code can be injected into the "Windows XP" variable of the exported file: |
Impact
An attacker with access to the ArcSight Connector Appliance can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service. |
Solution
Apply an Update |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Michael Rutkowski of Duer Advanced Technology and Aerospace, Inc (DATA) for reporting this vulnerability.
This document was written by Jared Allar.
Other Information
| CVE IDs: | CVE-2011-0770 |
| Severity Metric: | 4.59 |
| Date Public: | 2011-07-15 |
| Date First Published: | 2011-07-15 |
| Date Last Updated: | 2011-07-15 16:21 UTC |
| Document Revision: | 24 |