CVE-2016-8582

high-risk

Published 2016-10-28

A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.

Do I need to act?

80.5% chance of exploitation in next 30 days

EPSS score — higher than 19% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

40684

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (2)

Open Source Security Information And Event Management

Unified Security Management

Affected Vendors

Alienvault

References (6)

http://www.securityfocus.com/bid/93866

Vendor Advisory https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5...

https://www.exploit-db.com/exploits/40684/

http://www.securityfocus.com/bid/93866

Vendor Advisory https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5...

https://www.exploit-db.com/exploits/40684/

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 27/34 · High

Exposure 7/34 · Low