Lucene search

MitreCVE-2013-5967

HistoryOct 09, 2013 - 2:54 p.m.

CVE-2013-5967

2013-10-0914:54:26

CWE-89

mitre

web.nvd.nist.gov

cve

2013

5967

sql injection

alienvault

ossim 4.3

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.001

Percentile

40.2%

JSON

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/.

Affected configurations

Nvd

Node

alienvaultopen_source_security_information_managementRange≤4.3

alienvaultopen_source_security_information_managementMatch1.0.4

alienvaultopen_source_security_information_managementMatch1.0.6

alienvaultopen_source_security_information_managementMatch2.1

alienvaultopen_source_security_information_managementMatch2.1.2

alienvaultopen_source_security_information_managementMatch2.1.5

alienvaultopen_source_security_information_managementMatch2.1.5-1

alienvaultopen_source_security_information_managementMatch2.1.5-2

alienvaultopen_source_security_information_managementMatch2.1.5-3

alienvaultopen_source_security_information_managementMatch3.1

alienvaultopen_source_security_information_managementMatch3.1.9

alienvaultopen_source_security_information_managementMatch3.1.10

alienvaultopen_source_security_information_managementMatch3.1.12

alienvaultopen_source_security_information_managementMatch4.0.3

alienvaultopen_source_security_information_managementMatch4.0.4

alienvaultopen_source_security_information_managementMatch4.1

alienvaultopen_source_security_information_managementMatch4.1.2

alienvaultopen_source_security_information_managementMatch4.1.3

alienvaultopen_source_security_information_managementMatch4.2

alienvaultopen_source_security_information_managementMatch4.2.2

alienvaultopen_source_security_information_managementMatch4.2.3

VendorProductVersionCPE
alienvaultopen_source_security_information_management*cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*
alienvaultopen_source_security_information_management1.0.4cpe:2.3:a:alienvault:open_source_security_information_management:1.0.4:*:*:*:*:*:*:*
alienvaultopen_source_security_information_management1.0.6cpe:2.3:a:alienvault:open_source_security_information_management:1.0.6:*:*:*:*:*:*:*
alienvaultopen_source_security_information_management2.1cpe:2.3:a:alienvault:open_source_security_information_management:2.1:*:*:*:*:*:*:*
alienvaultopen_source_security_information_management2.1.2cpe:2.3:a:alienvault:open_source_security_information_management:2.1.2:*:*:*:*:*:*:*
alienvaultopen_source_security_information_management2.1.5cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5:*:*:*:*:*:*:*
alienvaultopen_source_security_information_management2.1.5-1cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-1:*:*:*:*:*:*:*
alienvaultopen_source_security_information_management2.1.5-2cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-2:*:*:*:*:*:*:*
alienvaultopen_source_security_information_management2.1.5-3cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-3:*:*:*:*:*:*:*
alienvaultopen_source_security_information_management3.1cpe:2.3:a:alienvault:open_source_security_information_management:3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
alienvault	open_source_security_information_management	*	cpe:2.3:a:alienvault:open_source_security_information_management::::::::
alienvault	open_source_security_information_management	1.0.4	cpe:2.3:a:alienvault:open_source_security_information_management:1.0.4:::::::*
alienvault	open_source_security_information_management	1.0.6	cpe:2.3:a:alienvault:open_source_security_information_management:1.0.6:::::::*
alienvault	open_source_security_information_management	2.1	cpe:2.3:a:alienvault:open_source_security_information_management:2.1:::::::*
alienvault	open_source_security_information_management	2.1.2	cpe:2.3:a:alienvault:open_source_security_information_management:2.1.2:::::::*
alienvault	open_source_security_information_management	2.1.5	cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5:::::::*
alienvault	open_source_security_information_management	2.1.5-1	cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-1:::::::*
alienvault	open_source_security_information_management	2.1.5-2	cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-2:::::::*
alienvault	open_source_security_information_management	2.1.5-3	cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-3:::::::*
alienvault	open_source_security_information_management	3.1	cpe:2.3:a:alienvault:open_source_security_information_management:3.1:::::::*