Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
355
VMScore

CVE-2017-14956

Published: 18/10/2017 Updated: 13/05/2019
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.7 | Impact Score: 3.6 | Exploitability Score: 2.1
VMScore: 355
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Summary

AlienVault USM v5.4.2 and previous versions offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address (either in PDF or XLS format). Since there is no anti-CSRF token protecting this functionality, it is vulnerable to Cross-Site Request Forgery attacks.

Vulnerable Product Search on Vulmon Subscribe to Product

alienvault unified security management

Exploits

Exploit DB: AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery
1 ADVISORY INFORMATION ======================= Product: AlienVault USM Vendor URL: wwwalienvaultcom Type: Cross-Site Request Forgery [CWE-253] Date found: 2017-09-22 Date published: 2017-10-13 CVSSv3 Score: 65 (CVSS:30/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) CVE: CVE-2017-14956 2 CREDITS ========== ...
Exploit DB: AlienVault USM 5.4.2 Cross Site Request Forgery
AlienVault USM version 542 suffers from a cross site request forgery vulnerability ...

References

CWE-352https://www.rcesecurity.com/2017/10/cve-2017-14956-alienvault-usm-leaks-sensitive-compliance-information-via-csrf/https://www.exploit-db.com/exploits/42988/http://www.securityfocus.com/bid/101284http://seclists.org/fulldisclosure/2017/Oct/32http://packetstormsecurity.com/files/144617/AlienVault-USM-5.4.2-Cross-Site-Request-Forgery.htmlhttp://www.securityfocus.com/archive/1/541342/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/42988/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
injectCVE-2024-34001CVE-2024-37018LFICVE-2024-1275CVE-2024-1086CSRFCVE-2024-31030CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook