AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HAlienvault Ossim
APPAlienvault≤ 5.3.6Alienvault Unified Security Management
APPAlienvault≤ 5.3.6Nfsen
APPNfsen≤ 1.3.7
Powiązane podatności
A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.
NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the cu...
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessa...
The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and US...
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. ...