CVE-2013-5967

Name of the Vulnerable Software and Affected Versions AlienVault Open Source Security Information Management (OSSIM) versions 4.3 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the date from parameter to several API endpoints, including "/radar-iso27001-potential.php", "/radar-iso27001-A12IS acquisition-pot.php", "/radar-iso27001-A11AccessControl-pot.php", "/radar-iso27001-A10Com OP Mgnt-pot.php", and "/radar-pci-potential.php" in the RadarReport/ directory.

Recommendations For AlienVault Open Source Security Information Management (OSSIM) versions 4.3 and earlier, consider restricting access to the vulnerable API endpoints until a patch is available. As a temporary workaround, avoid using the date from parameter in the affected endpoints. At the moment, there is no information about a newer version that contains a fix for this issue.