Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.5
CVE Id CVE-2009-3439
Last Modified 29 Sep 2009 12:00:00
Published 28 Sep 2009 06:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2009-3439

Summary

Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu.

Vulnerable Systems

Application

  • Alienvault Ossim 1.0.4

  • Alienvault Ossim 1.0.6

  • Alienvault Ossim 2.1


References

BID - 36504

BUGTRAQ - 20090923 [DSECRG-09-055] OSSIM 2.1 - Multiple security vulnerabilities

SECUNIA - 36867

MISC - http://dsecrg.com/pages/vul/show.php?id=155


Last Updated: 27 May 2016 10:51:16