Lucene search

MitreCVE-2013-5321

HistoryAug 20, 2013 - 2:56 p.m.

CVE-2013-5321

2013-08-2014:56:29

CWE-89

mitre

web.nvd.nist.gov

cve-2013-5321

sql injection

alienvault ossim

remote code execution

security vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.053

Percentile

93.2%

JSON

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php.

Affected configurations

Nvd

Node

alienvaultopen_source_security_information_managementMatch4.1

VendorProductVersionCPE
alienvaultopen_source_security_information_management4.1cpe:2.3:a:alienvault:open_source_security_information_management:4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
alienvault	open_source_security_information_management	4.1	cpe:2.3:a:alienvault:open_source_security_information_management:4.1:::::::*

References

www.exploit-db.com/exploits/26406

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.053

Percentile

93.2%

JSON

Related for CVE-2013-5321