CVE-2009-3441

Name of the Vulnerable Software and Affected Versions OSSIM versions prior to 2.1.2

Description The issue allows remote attackers to bypass authentication and access sensitive information. This can be achieved by making a direct request to specific API endpoints, such as "graphs/alarms events.php" or "host/draw tree.php". This enables attackers to read graphs or infrastructure information without proper authorization.

Recommendations For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "graphs/alarms events.php" and "host/draw tree.php" endpoints until the update is applied.