Skip to main content

Open Source Security Information Management CVE-2018-7279

CRITICAL
2018-03-14 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 14, 2018 - 13:29 nvd
CRITICAL 9.8

DescriptionNVD

A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.

AnalysisAI

A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1. Affected products include: Alienvault Open Source Security Information Management, Alienvault Unified Security Management. Version information: before 5.5.1..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2014-3804 CRITICAL POC
10.0 Jun 13

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a

CVE-2014-3805 CRITICAL POC
10.0 Jun 13

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a

CVE-2013-5967 HIGH POC
7.5 Oct 09

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier

CVE-2014-5210 CRITICAL POC
10.0 Aug 21

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a

CVE-2014-5383 MEDIUM POC
6.5 Aug 21

SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL

CVE-2012-3835 MEDIUM POC
4.3 Jul 03

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.

CVE-2014-4153 HIGH POC
7.8 Jun 18

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a craft

CVE-2015-4046 HIGH POC
7.2 May 23

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary comm

CVE-2014-4152 CRITICAL
10.0 Jun 18

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a cra

CVE-2014-4151 CRITICAL
10.0 Jun 18

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execu

CVE-2013-5321 HIGH POC
7.5 Aug 20

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remot

CVE-2014-5158 CRITICAL
10.0 Aug 21

The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 a

Share

CVE-2018-7279 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy