CVE-2016-8582
Published Oct 28, 2016
Last updated 7 years ago
Overview
- Description
- A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_and_event_management:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54AB403B-AABE-4C0F-A2C6-3D2E6AA81763",
"versionEndIncluding": "5.3.1"
},
{
"criteria": "cpe:2.3:a:alienvault:unified_security_management:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "294E154B-AEE3-454A-919A-AB4006BC6A02",
"versionEndIncluding": "5.3.1"
}
],
"operator": "OR"
}
]
}
]