Security Advisory, AlienVault v4.15 addresses two (2) vulnerabilities

LBarraco

AlienVault Employee
A couple of vulnerabilities were discovered in the underlying OS packages in AlienVault v4.14 and lower. These vulnerabilities have been confirmed and fixed in AlienVault v4.15. AlienVault encourages customers to upgrade to v4.15 to eliminate the vulnerabilities.

See the v4.15 functional release notice for details on the release.



OpenVAS Security Update (CVE-2014-9220)

AlienVault ID: ENG-98226
Description: SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
CVE ID: CVE-2014-9220
CVSS v2 Base Score: 7.5
CVSS v2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)



Agent Vulnerability (ZDI-CAN-2630)

AlienVault ID: ENG-98435
Description: AlienVault Unified Security Management Plugin Remote Code Execution Vulnerability - The Framework Daemon on the USM listens on port 40003 to communicate with its agents. This daemon facilitates communication with agents and allows unauthorized users to issue predefined commands to them by connecting to the AlienVault USM.
Credit: Spencer McIntyre working with HP's Zero Day Initiative
CVSS v2 Base Score: 9.3
CVSS v2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
