Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AlienVault OSSIM和USM 安全漏洞
Vulnerability Description
AlienVault OSSIM和USM都是美国AlienVault公司的产品。OSSIM是一套开源的安全信息管理系统。USM是一套提供了安全监控、安全事件管理和报告、威胁感知系统等功能的安全管理平台。 AlienVault OSSIM和USM 5.3.1之前的版本中的session.inc文件的‘logcheck’函数存在安全漏洞。远程攻击者可借助‘AV Report Scheduler’HTTP User-Agent头利用该漏洞绕过身份验证,获取敏感信息,修改应用程序或以root权限执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A