CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2016-8580

CVSS 9.8v3.0pub. 2016-10-28upd. 2026-05-06

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Alienvault Open Source Security Information And Event Management

    APP
    Alienvault
    ≤ 5.3.1
  • Alienvault Unified Security Management

    APP
    Alienvault
    ≤ 5.3.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2018-7279CRITICAL9.8ten sam produkt

A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.

CVE-2017-6972CRITICAL9.8ten sam produkt

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessa...

CVE-2016-7955CRITICAL9.8ten sam produkt

The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and US...

CVE-2016-8582CRITICAL9.8ten sam produkt

A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execut...

CVE-2017-6970HIGH8.4ten sam produkt

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands i...