GCVE - cpe:2.3:a:alienvault:unified_security

Approved changes feed: RSS · Atom

cpe:2.3:a:alienvault:unified_security_management:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Alienvault (`d51cdd55-2f5a-537b-8b4f-3f5508c62127`)
Product	Unified Security Management (`359bd0a9-14e9-5b9b-bcdb-8eec8881b900`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-7279`	vulnerable	2026-06-08 05:12:03.556868	Details available A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1. Published: 2018-03-14T13:00:00.000Z Updated: 2024-08-05T06:24:11.760Z Open on db.gcve.eu Reference links https://www.alienvault.com/forums/discussion/17155/alienvault-v5-5-1-hotfix-important-update https://www.alienvault.com/forums/discussion/17204/security-advisory-alienvault-v5-5-1-resolves-critical-vulnerability	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-6972`	vulnerable	2026-06-08 05:09:55.211142	Details available AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971. Published: 2017-03-22T20:00:00.000Z Updated: 2024-08-05T15:49:02.101Z Open on db.gcve.eu Reference links https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/ http://www.securityfocus.com/bid/97016 https://www.exploit-db.com/exploits/42314/ https://www.alienvault.com/forums/discussion/8698	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-6971`	vulnerable	2026-06-08 05:09:55.210734	Details available AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862. Published: 2017-03-22T14:00:00.000Z Updated: 2024-08-05T15:49:02.140Z Open on db.gcve.eu Reference links https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/ https://www.alienvault.com/forums/discussion/8325/ https://www.exploit-db.com/exploits/42306/ https://www.alienvault.com/forums/discussion/8698	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-6970`	vulnerable	2026-06-08 05:09:55.209554	Details available AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863. Published: 2017-03-22T14:00:00.000Z Updated: 2024-08-05T15:49:02.827Z Open on db.gcve.eu Reference links https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/ https://www.alienvault.com/forums/discussion/8325/ https://www.exploit-db.com/exploits/42305/ https://www.alienvault.com/forums/discussion/8698	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14956`	vulnerable	2026-06-08 05:08:57.673563	Details available AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address (either in PDF or XLS format). Since there is no anti-CSRF token protecting this functionality, it is vulnerable to Cross-Site Request Forgery attacks. Published: 2017-10-18T18:00:00.000Z Updated: 2024-08-05T19:42:22.333Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/144617/AlienVault-USM-5.4.2-Cross-Site-Request-Forgery.html https://www.exploit-db.com/exploits/42988/ https://www.rcesecurity.com/2017/10/cve-2017-14956-alienvault-usm-leaks-sensitive-compliance-information-via-csrf/ http://www.securityfocus.com/bid/101284 http://seclists.org/fulldisclosure/2017/Oct/32	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-8583`	vulnerable	2026-06-08 05:08:14.409653	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-8582`	vulnerable	2026-06-08 05:08:14.409320	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-8581`	vulnerable	2026-06-08 05:08:14.408972	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-8580`	vulnerable	2026-06-08 05:08:14.408516	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7955`	vulnerable	2026-06-08 05:08:13.619584	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6913`	vulnerable	2026-06-08 05:08:11.407299	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-3446`	vulnerable	2026-06-08 05:06:38.306622	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Unified Security Management

PURL mappings

Vulnerability references

Contribute