CVE-2017-14956

Name of the Vulnerable Software and Affected Versions AlienVault USM versions 5.4.2 and earlier

Description The issue allows authenticated users to export generated reports via the "/ossim/report/wizard email.php" API endpoint. This endpoint offers the possibility to send out any report via email to a given address in PDF or XLS format. The functionality is vulnerable to Cross-Site Request Forgery attacks due to the lack of an anti-CSRF token.

Recommendations For AlienVault USM versions 5.4.2 and earlier, as a temporary workaround, consider disabling the email export functionality in the "/ossim/report/wizard email.php" API endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using this endpoint to send reports via email until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.