PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAlienvault Open Source Security Information And Event Management
APPAlienvaultβ€ 5.3.1Alienvault Unified Security Management
APPAlienvaultβ€ 5.3.1
π’
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
Related vulnerabilities
CVE-2018-7279CRITICAL9.8ten sam produkt
A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.
CVE-2017-6972CRITICAL9.8ten sam produkt
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessa...
CVE-2016-7955CRITICAL9.8ten sam produkt
The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and US...
CVE-2016-8582CRITICAL9.8ten sam produkt
A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execut...
CVE-2017-6970HIGH8.4ten sam produkt
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands i...