9.8
CVE-2016-8580
- EPSS 12.56%
- Veröffentlicht 28.10.2016 15:59:03
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginPHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Alienvault ≫ Open Source Security Information And Event Management Version <= 5.3.1
Alienvault ≫ Unified Security Management Version <= 5.3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 12.56% | 0.933 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.