CVE-2020-11840

Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
microfocusCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
microfocusarcsight_management_center
2.7.0 ≤
𝑥
< 2.9.4
microfocusarcsight_management_center
2.6.1
𝑥
= Vulnerable software versions
References
https://softwaresupport.softwaregrp.com/doc/KM03650893
https://softwaresupport.softwaregrp.com/doc/KM03650893