CVE-2015-4046
HIGHAlienVault OSSIM < 5.0 - Authenticated Remote Code Execution via Asset Discovery Scanner
Title source: llmDescription
The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74795
Exploit, Third Party Advisory x_refsource_misc
https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf
Patch, Vendor Advisory x_refsource_confirm
https://www.alienvault.com/forums/discussion/5127/
Scores
CVSS v3
7.2
EPSS
0.0271
EPSS Percentile
84.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (1)
alienvault/open_source_security_information_management
< 5.0
Published
May 23, 2017
Tracked Since
Feb 18, 2026