AlienVault Unified Security Management
11 CVEs affecting AlienVault Unified Security Management. Latest disclosed: 2017-10-18. Critical: 4, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-6972 | Critical | 9.8 | 2017-03-22 | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka Ali… |
| CVE-2016-7955 | Critical | 9.8 | 2017-03-15 | The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass… |
| CVE-2016-8582 | Critical | 9.8 | 2016-10-28 | A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database in… |
| CVE-2016-8580 | Critical | 9.8 | 2016-10-28 | PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code ex… |
| CVE-2017-6971 | High | 8.8 | 2017-03-22 | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch… |
| CVE-2017-6970 | High | 8.4 | 2017-03-22 | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka A… |
| CVE-2016-8583 | Medium | 6.1 | 2016-10-28 | Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS. |
| CVE-2016-8581 | Medium | 6.1 | 2016-10-28 | A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal s… |
| CVE-2017-14956 | Medium | 5.7 | 2017-10-18 | AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script… |
| CVE-2016-6913 | Medium | 5.4 | 2016-09-26 | Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via t… |
| CVE-2015-3446 | | | 2015-05-01 | The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin config… |