Описание
The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.3 (включая)Версия до 5.3 (включая)
Одно из
cpe:2.3:a:alienvault:ossim:*:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:unified_security_management:*:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08552
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-264
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header.
EPSS
Процентиль: 92%
0.08552
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-264