CVE-2020-11851

CRITICAL

Micro Focus ArcSight Logger < 7.1.1 - Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-11851. PoCs published by ch1nghz.

AI-analyzed exploit summary This repository provides a detailed analysis and proof-of-concept for CVE-2020-11851, a remote code execution vulnerability in ArcSight Logger via ArcSight Management Center. The exploit leverages improper input validation in Tcl-based expect scripts used for backup functionality, allowing arbitrary command execution.

Description

Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code.

Exploits (1)

nomisec WORKING POC 20 stars
by ch1nghz · poc
https://github.com/ch1nghz/CVE-2020-11851

This repository provides a detailed analysis and proof-of-concept for CVE-2020-11851, a remote code execution vulnerability in ArcSight Logger via ArcSight Management Center. The exploit leverages improper input validation in Tcl-based expect scripts used for backup functionality, allowing arbitrary command execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Micro Focus ArcSight Logger (versions prior to 7.1.1) and ArcSight Management Center (version 2.7.1.2065.0)
Auth required
Prerequisites: Access to ArcSight Management Center with valid session tokens · Network access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0283
EPSS Percentile 84.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
microfocus/arcsight_logger < 7.1.1
Published Nov 17, 2020
Tracked Since Feb 18, 2026