CVE Tools

alienvault

Security ProductsUScommercial

34

Cumulative CVEs

13

Monthly snapshots

#20

Peak rank

Top products

unified security management1

Latest CVEs

The 15 most recently published vulnerabilities affecting alienvault.

CVE-2013-6056OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability7.5Jan 27, 2020
CVE-2018-7279A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.9.8Mar 14, 2018
CVE-2017-14956AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local...5.7Oct 18, 2017
CVE-2015-4046The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.7.2May 23, 2017
CVE-2015-4045The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.6.7May 23, 2017
CVE-2017-6972AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vul...9.8Mar 22, 2017
CVE-2017-6971AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving...8.8Mar 22, 2017
CVE-2017-6970AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.8.4Mar 22, 2017
CVE-2016-7955The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain...9.8Mar 15, 2017
CVE-2016-8583Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS.6.1Oct 28, 2016
CVE-2016-8582A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files v...9.8Oct 28, 2016
CVE-2016-8581A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the...6.1Oct 28, 2016
CVE-2016-8580PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included ...9.8Oct 28, 2016
CVE-2016-6913Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload...5.4Sep 26, 2016
CVE-2015-3446The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).9.3May 1, 2015