Lucene search

[email protected]CVE-2016-8581

HistoryOct 28, 2016 - 3:59 p.m.

CVE-2016-8581

2016-10-2815:59:05

CWE-79

[email protected]

web.nvd.nist.gov

cve-2016-8581

persistent xss

user-agent header

alienvault ossim

usm

information security

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.005 Low

EPSS

Percentile

76.2%

JSON

A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.

Affected configurations

NVD

Node

alienvaultopen_source_security_information_and_event_managementRange≤5.3.1

alienvaultunified_security_managementRange≤5.3.1

CPENameOperatorVersion
alienvault:open_source_security_information_and_event_managementalienvault open source security information and event managementle5.3.1
alienvault:unified_security_managementalienvault unified security managementle5.3.1

CPE	Name	Operator	Version
alienvault:open_source_security_information_and_event_management	alienvault open source security information and event management	le	5.3.1
alienvault:unified_security_management	alienvault unified security management	le	5.3.1