Alienvault Open Source Security Information And Event Management — known CVE vulnerabilities
Every CVE whose affected-product data names Alienvault Open Source Security Information And Event Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2016-8580 — CVSS 9.8 (critical): PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow…
CVE-2016-8582 — CVSS 9.8 (critical): A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and…
CVE-2016-8581 — CVSS 6.1 (medium): A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an…
CVE-2016-8583 — CVSS 6.1 (medium): Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS.
CVE-2016-6913 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web…