CVE-2020-11851

CRITICAL

Microfocus Arcsight Logger < 7.1.1 - Code Injection

Title source: rule

Description

Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code.

Exploits (1)

nomisec WORKING POC 20 stars

by ch1nghz · poc

https://github.com/ch1nghz/CVE-2020-11851

View Code ZIP pw:eip

References (1)

[Various Sources] https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600

Scores

CVSS v3 9.8

EPSS 0.0389

EPSS Percentile 88.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Products (1)

microfocus/arcsight_logger < 7.1.1

Published Nov 17, 2020

Tracked Since Feb 18, 2026