Vulnerabilities > Alienvault > Open Source Security Information AND Event Management > High

DATE	CVE	VULNERABILITY TITLE	RISK
2016-10-28	CVE-2016-8582	SQL Injection vulnerability in Alienvault products A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE. network low complexity alienvault CWE-89	7.5
2016-10-28	CVE-2016-8580	Improper Access Control vulnerability in Alienvault products PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. network low complexity alienvault CWE-284	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.