PT-2016-7511 · Alienvault+1 · Alienvault Usm+2

Peter Lapp

Published

2016-10-28

Updated

2017-09-03

CVE-2016-8582

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions AlienVault OSSIM and USM versions prior to 5.3.2

Description A vulnerability exists that allows an attacker to execute an arbitrary SQL query, potentially leading to the retrieval of database information or the reading of local system files via MySQL's LOAD FILE.

Recommendations For versions prior to 5.3.2, update to version 5.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the gauge.php file to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2016-8582

Affected Products

Alienvault Ossim

Alienvault Usm

Mysql Server

PT-2016-7511 · Alienvault+1 · Alienvault Usm+2

CVE-2016-8582

Weakness Enumeration

Related Identifiers

Affected Products

References · 6