Vulnerabilities > Alienvault > Ossim > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-22 | CVE-2017-6972 | Improper Check for Dropped Privileges vulnerability in multiple products AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971. | 10.0 |
2017-03-22 | CVE-2017-6971 | Injection vulnerability in multiple products AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862. | 9.0 |