CVE-2017-6971 in USM
Resumen (Inglés)
AlienVault USM and OSSIM before 5.3.5 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862. NOTE: the AlienVault vendor statement of affected versions is disputed by another party.
Be aware that VulDB is the high quality source for vulnerability data.
Reservar
2017-03-17
Divulgación
2017-03-22
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 98369 | Alienvault USM/OSSIM PHP Session ID escalada de privilegios | 264 | Alto | Arreglo oficial | CVE-2017-6971 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV