vulnerability alert CVE-2012-2960

HP ArcSight Connector, Logger: Cross Site Scripting

Synthesis of the vulnerability

An attacker can invite the victim to import a malicious file with ArcSight Connector or Logger, in order to execute JavaScript code in his browser.
Impacted products: ArcSight Connector, ArcSight Logger.
Severity: 2/4.
Creation date: 07/08/2012.
Identifiers: BID-54824, c03606700, CVE-2012-2960, HPSBMU02836, SSRT100864, VIGILANCE-VUL-11826, VU#960468.

Description of the vulnerability

The ArcSight Connector and Logger products allows the administrator to import a list of computers from a file:
 - System Admin
 - Network
 - Hosts
 - Import from Local File

However, imported names are then directly displayed by the service, without being filtered. An attacker can thus create a file containing a computer list with JavaScript, which is then inserted in web pages generated by the service.

An attacker can therefore invite the victim to import a malicious file with ArcSight Connector or Logger, in order to execute JavaScript code in his browser.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

          

Computer vulnerabilities tracking service

Vigil@nce provides an applications vulnerabilities database. The technology watch team tracks security threats targeting the computer system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.