AlienVault to patch OSSIM and USM platform vulnerabilities
Numerous vulnerabilities in AlienVault's OSSIM and USM platforms were uncovered last week by security researchers at Kaspersky Labs, which posted an analysis demonstrating easy exploitation via customised NBE file uploads.
The main security flaw is in the vulnerability management section, which allows users to upload a Nessus vulnerability scan. According to the published report, such an upload can then be used to exploit multiple other exposed vulnerabilities and conduct XSS, SQLi and command execution attacks.
Further analysis by Lapp reveals that the security flaw has been demonstrated in versions 4.14, 4.15 and 5.0, but it "likely affects" all previous versions.
AlienVault, whose security information and event management platforms are commonly used by security professionals across the globe, told researchers that a fix for the vulnerabilities will be released this week.