The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability alert CVE-2012-2960

HP ArcSight Connector, Logger: Cross Site Scripting

Synthesis of the vulnerability

An attacker can invite the victim to import a malicious file with ArcSight Connector or Logger, in order to execute JavaScript code in his browser.
Vulnerable products: ArcSight Connector, ArcSight Logger.
Severity of this weakness: 2/4.
Consequences of a hack: client access/rights.
Hacker's origin: document.
Creation date: 07/08/2012.
References of this bulletin: BID-54824, c03606700, CVE-2012-2960, HPSBMU02836, SSRT100864, VIGILANCE-VUL-11826, VU#960468.

Description of the vulnerability

The ArcSight Connector and Logger products allow the administrator to import a list of computers from a file:
 - System Admin
 - Network
 - Hosts
 - Import from Local File

However, imported names are then displayed directly by the service, without being filtered. An attacker can thus create a file containing a computer list with JavaScript in the names, which is then inserted into web pages generated by the service.

An attacker can therefore invite the victim to import a malicious file with ArcSight Connector or Logger, in order to execute JavaScript code in his browser.
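
The two controls missing from the import path described above, shown as an added example (not HP's or ArcSight's code, and not taken from the bulletin): allow-list validation of host names at import time, and HTML encoding when a name is written into a page. The "<ip> <name>" file layout, the function names and the sample data are assumptions made for illustration.

```python
import html
import ipaddress
import re

# RFC 1123 label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_valid_hostname(name: str) -> bool:
    """Allow-list check applied to every imported name."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.rstrip(".").split("."))

def import_hosts(text: str):
    """Parse assumed "<ip> <name>" lines; return (accepted, rejected)."""
    accepted, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(None, 1)
        try:
            ip = str(ipaddress.ip_address(parts[0]))
            name = parts[1].strip()
        except (ValueError, IndexError):
            rejected.append((lineno, raw))
            continue
        if is_valid_hostname(name):
            accepted.append((ip, name))
        else:
            rejected.append((lineno, raw))  # keep for the admin's import report
    return accepted, rejected

def render_row(ip: str, name: str) -> str:
    """Output encoding: escape at render time even if validation was bypassed."""
    return f"<tr><td>{html.escape(ip)}</td><td>{html.escape(name)}</td></tr>"

# Constructed sample import file (not real data).
SAMPLE = """\
10.0.0.1 logger01.example.com
10.0.0.2 <script>alert(1)</script>
not-an-ip connector02
10.0.0.4 connector-03
"""

if __name__ == "__main__":
    ok, bad = import_hosts(SAMPLE)
    print("accepted:", ok)
    print("rejected lines:", [n for n, _ in bad])
```

Validation alone is not sufficient when names can reach the page by another route (for example, entries stored before the check existed), which is why the render step escapes unconditionally.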