CVE-2023-24470

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Jun 13, 2023
Updated: Jan 6, 2025
CWE ID 611

Summary

CVE-2023-24470 is a newly disclosed vulnerability that affects ArcSight Logger versions below 7.3.0. It is an XML External Entity (XXE) injection vulnerability that attackers can exploit to steal sensitive data or execute arbitrary code outside of the application. By manipulating XML documents, an attacker can inject malicious code and potentially gain unauthorized access to the affected system. Users are advised to upgrade to the latest version of ArcSight Logger to mitigate this risk; failure to do so might lead to data theft or system compromise.

Affected Products

  • HP ArcSight Logger

Affected Vendors

  • Micro Focus International