Alienvault Unified Security Management — known CVE vulnerabilities
Every CVE whose affected-product data names Alienvault Unified Security Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2016-8582 — CVSS 9.8 (critical): A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and…
CVE-2016-7955 — CVSS 9.8 (critical): The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote…
CVE-2016-8580 — CVSS 9.8 (critical): PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow…
CVE-2017-6972 — CVSS 9.8 (critical): AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl…
CVE-2015-3446 — CVSS 9.3 (critical): The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a…
CVE-2017-6971 — CVSS 8.8 (high): AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged…
CVE-2017-6970 — CVSS 8.4 (high): AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an…
CVE-2016-8583 — CVSS 6.1 (medium): Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS.
CVE-2016-8581 — CVSS 6.1 (medium): A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an…
CVE-2017-14956 — CVSS 5.7 (medium): AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the…
CVE-2016-6913 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web…