GCVE - cpe:2.3:a:alienvault:ossim:1.0.6:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:alienvault:ossim:1.0.6:*:*:*:*:*:*:*

part: a version: 1.0.6 update: *

Vendor	Alienvault (`d51cdd55-2f5a-537b-8b4f-3f5508c62127`)
Product	Ossim (`73d86aaa-3d10-5516-8460-648aee291fe2`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2009-3441`	vulnerable	2026-06-08 04:51:41.966162	Details available Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarms_events.php or (2) host/draw_tree.php. Published: 2009-09-28T22:00:00.000Z Updated: 2024-08-07T06:31:10.310Z Open on db.gcve.eu Reference links http://dsecrg.com/pages/vul/show.php?id=155 http://www.securityfocus.com/bid/36504 http://secunia.com/advisories/36867 http://www.securityfocus.com/archive/1/506663/100/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-3440`	vulnerable	2026-06-08 04:51:41.965784	Details available Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the option parameter to the default URI (aka the main menu). Published: 2009-09-28T22:00:00.000Z Updated: 2024-08-07T06:31:10.295Z Open on db.gcve.eu Reference links http://dsecrg.com/pages/vul/show.php?id=155 http://www.securityfocus.com/bid/36504 http://secunia.com/advisories/36867 http://www.securityfocus.com/archive/1/506663/100/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-3439`	vulnerable	2026-06-08 04:51:41.963959	Details available Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu. Published: 2009-09-28T22:00:00.000Z Updated: 2024-08-07T06:31:09.224Z Open on db.gcve.eu Reference links http://dsecrg.com/pages/vul/show.php?id=155 http://www.securityfocus.com/bid/36504 http://secunia.com/advisories/36867 http://www.securityfocus.com/archive/1/506663/100/0/threaded	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.