Vulnerability Details : CVE-2016-8580
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.
Vulnerability category: BypassGain privilege
Products affected by CVE-2016-8580
- cpe:2.3:a:alienvault:unified_security_management:*:*:*:*:*:*:*:*
- Alienvault » Open Source Security Information And Event ManagementVersions up to, including, (<=) 5.3.1cpe:2.3:a:alienvault:open_source_security_information_and_event_management:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-8580
12.56%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-8580
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-8580
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-8580
-
http://www.securityfocus.com/bid/93864
AlienVault OSSIM and USM CVE-2016-8580 Multiple PHP Object Injection Vulnerabilities
-
https://www.exploit-db.com/exploits/40682/
Alienvault OSSIM/USM 5.3.1 - PHP Object Injection
-
https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities
Security Advisory - AlienVault 5.3.2 address 70 vulnerabilities | AT&T CybersecurityVendor Advisory
Jump to