CVE-2023-24470
Severity CVSS v4.0:
Pending analysis
Type:
CWE-611
Improper Restriction of XML External Entity Reference ('XXE')
Publication date:
13/06/2023
Last modified:
06/01/2025
Description
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microfocus:arcsight_logger:*:*:*:*:*:*:*:* | 7.3.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://portal.microfocus.com/s/article/KM000018224?language=en_US
- https://www.microfocus.com/documentation/arcsight/logger-7.3/logger-7.3-release-notes/
- https://www.microfocus.com/support/downloads/%2C
- https://portal.microfocus.com/s/article/KM000018224?language=en_US
- https://www.microfocus.com/documentation/arcsight/logger-7.3/logger-7.3-release-notes/
- https://www.microfocus.com/support/downloads/%2C