9.8
CVE-2016-7955
- EPSS 6.41%
- Veröffentlicht 15.03.2017 16:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Alienvault ≫ Ossim Version <= 5.3
Alienvault ≫ Unified Security Management Version <= 5.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.41% | 0.928 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://www.securityfocus.com/archive/1/540224/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-16-517/
https://www.alienvault.com/forums/discussion/7765/alienvault-v5-3-1-hotfix