
Lappsec

#15306 of 53,622
17.6 Total CVSS
Vulnerabilities · 2
High: 1
Critical: 1
PT-2017-13413
7.8
2017-12-05
Hewlett Packard · Hpe Connected Backup · CVE-2017-14355
**Name of the Vulnerable Software and Affected Versions**
HPE Connected Backup versions 8.6 through 8.8.6

**Description**
A potential security issue has been identified that could be exploited locally to allow escalation of privilege.

**Recommendations**
For HPE Connected Backup versions 8.6 through 8.8.6, at the moment, there is no information about a newer version that contains a fix for this issue.
PT-2017-9432
9.8
2017-03-15
Alienvault · Usm · CVE-2016-7955
**Name of the Vulnerable Software and Affected Versions**
AlienVault OSSIM versions prior to 5.3.1
USM versions prior to 5.3.1

**Description**
The issue allows remote attackers to bypass authentication, potentially obtaining sensitive information, modifying the application, or executing arbitrary code as root. This is achieved via a specific "AV Report Scheduler" HTTP User-Agent header.

**Recommendations**
For AlienVault OSSIM versions prior to 5.3.1, update to version 5.3.1 or later to resolve the issue.
For USM versions prior to 5.3.1, update to version 5.3.1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the `logcheck` function in `session.inc` until a patch is available.