Vulnerabilities > Alienvault > Unified Security Management > 5.3.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-14 | CVE-2018-7279 | Unspecified vulnerability in Alienvault products A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1. | 9.8 |
2017-10-18 | CVE-2017-14956 | Cross-Site Request Forgery (CSRF) vulnerability in Alienvault Unified Security Management AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. | 5.7 |
2017-03-22 | CVE-2017-6972 | Improper Check for Dropped Privileges vulnerability in multiple products AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971. | 9.8 |
2017-03-22 | CVE-2017-6971 | Injection vulnerability in multiple products AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862. | 8.8 |
2017-03-22 | CVE-2017-6970 | OS Command Injection vulnerability in multiple products AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863. | 8.4 |