cvelist/2018/6xxx/CVE-2018-6501.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "security@microfocus.com",
      "DATE_PUBLIC" : "2018-09-19T15:35:00.000Z",
      "ID" : "CVE-2018-6501",
      "STATE" : "PUBLIC",
      "TITLE" : "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "ArcSight Management Center",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "all versions prior to 2.81"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Micro Focus"
            }
         ]
      }
   },
   "credit" : [
      {
         "lang" : "eng",
         "value" : "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com.\n"
      }
   ],
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls."
         }
      ]
   },
   "exploit" : [
      {
         "lang" : "eng",
         "value" : "Insufficient Access Controls"
      }
   ],
   "impact" : {
      "cvss" : {
         "attackComplexity" : "LOW",
         "attackVector" : "NETWORK",
         "availabilityImpact" : "NONE",
         "baseScore" : 4.3,
         "baseSeverity" : "MEDIUM",
         "confidentialityImpact" : "NONE",
         "integrityImpact" : "LOW",
         "privilegesRequired" : "LOW",
         "scope" : "UNCHANGED",
         "userInteraction" : "NONE",
         "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
         "version" : "3.0"
      }
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Insufficient Access Controls"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142",
            "refsource" : "CONFIRM",
            "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
         }
      ]
   },
   "source" : {
      "discovery" : "UNKNOWN"
   }
}
- Synchronized data. 2018-02-01 10:02:39 -05:00			`{`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"CVE_data_meta" : {`
			`"ASSIGNER" : "security@microfocus.com",`
			`"DATE_PUBLIC" : "2018-09-19T15:35:00.000Z",`
			`"ID" : "CVE-2018-6501",`
			`"STATE" : "PUBLIC",`
			`"TITLE" : "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control"`
- Synchronized data. 2018-02-01 10:02:39 -05:00			`},`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`{`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"product" : {`
			`"product_data" : [`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`{`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"product_name" : "ArcSight Management Center",`
			`"version" : {`
			`"version_data" : [`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`{`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"version_value" : "all versions prior to 2.81"`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"vendor_name" : "Micro Focus"`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`}`
			`]`
			`}`
			`},`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"credit" : [`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`{`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"lang" : "eng",`
			`"value" : "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com.\n"`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`}`
			`],`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`{`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"lang" : "eng",`
			`"value" : "Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls."`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`}`
			`]`
			`},`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"exploit" : [`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`{`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"lang" : "eng",`
			`"value" : "Insufficient Access Controls"`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`}`
			`],`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"impact" : {`
			`"cvss" : {`
			`"attackComplexity" : "LOW",`
			`"attackVector" : "NETWORK",`
			`"availabilityImpact" : "NONE",`
			`"baseScore" : 4.3,`
			`"baseSeverity" : "MEDIUM",`
			`"confidentialityImpact" : "NONE",`
			`"integrityImpact" : "LOW",`
			`"privilegesRequired" : "LOW",`
			`"scope" : "UNCHANGED",`
			`"userInteraction" : "NONE",`
			`"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",`
			`"version" : "3.0"`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`}`
			`},`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"problemtype" : {`
			`"problemtype_data" : [`
- Synchronized data. 2018-02-01 10:02:39 -05:00			`{`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"description" : [`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`{`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"lang" : "eng",`
			`"value" : "Insufficient Access Controls"`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`}`
			`]`
- Synchronized data. 2018-02-01 10:02:39 -05:00			`}`
			`]`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`},`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"references" : {`
			`"reference_data" : [`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`{`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142",`
			`"refsource" : "CONFIRM",`
			`"url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"`
Adding CVE-2018-6501 2018-09-19 11:00:56 -07:00			`}`
			`]`
			`},`
- Synchronized data. 2018-09-20 12:04:43 -04:00			`"source" : {`
			`"discovery" : "UNKNOWN"`
- Synchronized data. 2018-02-01 10:02:39 -05:00			`}`
			`}`