AlienVault OSSIM 'ws_data' Parameter SQL Injection Vulnerability
BID:68996
Info
| Bugtraq ID: | 68996 |
| Class: | Input Validation Error |
| CVE: | CVE-2014-5159 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 01 2014 12:00AM |
| Updated: | Aug 01 2014 12:00AM |
| Credit: | grimmlin |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
AlienVault OSSIM is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input passed in the 'ws_data' parameter before using it in an SQL query.
An attacker can leverage this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
NOTE: This issue was previously discussed in BID 68864 (AlienVault Prior to 4.6.0 Multiple Security Vulnerabilities) but has been given its own record to better document it.
Versions of AlienVault OSSIM prior to 4.6.0 are vulnerable.
Exploit / POC
An attacker can exploit this issue through a web browser.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Alienvault Homepage (Alienvault)