search menu icon-carat-right cmu-wordmark

CERT Coordination Center

HP ArcSight Connector Appliance XSS vulnerability

Vulnerability Note VU#122054

Original Release Date: 2011-07-15 | Last Revised: 2011-07-15


ArcSight Connector Appliance v6.0.0.60023.2, and possibly previous versions, contains a module which is vulnerable to cross site scripting (XSS).


Windows Event Log SmartConnector, a component of ArcSight Connector Appliance v6.0.0.60023.2 does not sanitize all input fields. As a result, cross site scripting (XSS) attacks can be conducted. An exportable report from the Windows Event Log SmartConnector for table parameters contains a drop-down selection field for "Microsoft OS Version". In some cases, this exported report is world-writeable with a default name. In the exported file an attacker can inject javascript code that will be run after the file is imported and the table parameters section is accessed for editing again.

For example, the following javascript code can be injected into the "Windows XP" variable of the exported file:

...,"Windows XP<script> alert('XSS')</script>","en_US"


An attacker with access to the ArcSight Connector Appliance can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.


Apply an Update
ArcSight Connector Appliance version 6.1 addresses this vulnerability.

Vendor Information


Hewlett-Packard Company Affected

Notified:  April 29, 2011 Updated: June 28, 2011



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group Score Vector



Thanks to Michael Rutkowski of Duer Advanced Technology and Aerospace, Inc (DATA) for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2011-0770
Severity Metric: 4.59
Date Public: 2011-07-15
Date First Published: 2011-07-15
Date Last Updated: 2011-07-15 16:21 UTC
Document Revision: 24

Sponsored by CISA.