CVE-2024-2835 HIGH

CVE-2024-2835: OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS

Vendor Opentext

Product ArcSight Enterprise Security Manager

Weakness CWE-79 · XSS

Published May 20, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.

Key dates

02Disclosure timeline

May 20, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-2835

Related vulnerabilities

04Related CVE

CVE-2025-5725 SourceCodester Student Result Management System Grading System Page grading-system cross site scripting CVE-2025-53238 WordPress Toast Mobile Menu plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability CVE-2024-4685 Campcodes Complete Web-Based School Management System exam_timetable.php cross site scripting CVE-2025-66102 WordPress FV Antispam plugin <= 2.7 - Cross Site Scripting (XSS) vulnerability CVE-2024-5317 Newsletter <= 8.3.4 - Unauthenticated Stored Cross-Site Scripting via np1

Identifiers

CVE CVE-2024-2835

CWE CWE-79

CVSS 8.7 / HIGH

Affected versions

Vendor Opentext

Product ArcSight Enterprise Security Manager

Affected < 7.6.6

Vendor Opentext

Product ArcSight Enterprise Security Manager

Affected ≥ 7.7.0 and < 7.7.1

Vendor Opentext

Product ArcSight Platform

Affected ≥ 24.1.0 and < 24.1.3