CVE-2011-0770

{"id": "CVE-2011-0770", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-07-19T20:55:00.897", "references": [{"url": "http://securitytracker.com/id?1025791", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/122054", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/48694", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68569", "source": "cret@cert.org"}, {"url": "http://securitytracker.com/id?1025791", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/122054", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/48694", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68569", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Windows Event Log SmartConnector de HP ArcSight Connector Appliance en versiones anteriores a la 6.1. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de la variable \"Windows XP\" en un fichero."}], "lastModified": "2024-11-21T01:24:48.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:windows_event_log_smartconnector:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D8340CA-3B24-4711-B85A-38F73F0DB5A6", "versionEndIncluding": "6.0.0.60023.2"}, {"criteria": "cpe:2.3:h:hp:arcsight_c1000_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2ED4F23-4DDE-4D2A-932D-83FD93E86CCD"}, {"criteria": "cpe:2.3:h:hp:arcsight_c1300_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D9DFBB3-7E4A-40EC-8943-5D6D9489DE42"}, {"criteria": "cpe:2.3:h:hp:arcsight_c3200_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53379096-4B4E-4F86-8BE8-DAA902F4D5F2"}, {"criteria": "cpe:2.3:h:hp:arcsight_c3400_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FB0EE4D-5E80-4625-893B-5C53E692337F"}, {"criteria": "cpe:2.3:h:hp:arcsight_c5200_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9865427-52CA-4B0F-AFDE-EAE9C46D0AAA"}, {"criteria": "cpe:2.3:h:hp:arcsight_c5400_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D02D9B67-9E0A-4B2A-A880-09DCA9622E85"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}