Alienvault Open_source_security_information_and_event_management
5 CVEs affecting Alienvault Open_source_security_information_and_event_management. Latest disclosed: 2016-10-28. Critical: 2, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-8582 | Critical | 9.8 | 2016-10-28 | A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database in… |
CVE-2016-8580 | Critical | 9.8 | 2016-10-28 | PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code ex… |
CVE-2016-8583 | Medium | 6.1 | 2016-10-28 | Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS. |
CVE-2016-8581 | Medium | 6.1 | 2016-10-28 | A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal s… |
CVE-2016-6913 | Medium | 5.4 | 2016-09-26 | Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via t… |