Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3834

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2012-3834
Last Modified 24 Aug 2012 12:00:00
Published 03 Jul 2012 06:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-3834

Summary

SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.

Vulnerable Systems

Application

  • Alienvault Open Source Security Information Management 3.1


References

XF - alienvault-baseqrymain-sql-injection(75290)

BID - 53331

MISC - http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt

EXPLOIT-DB - 18800

MISC - http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html

SECUNIA - 49005


Last Updated: 27 May 2016 10:51:38