cvedb.io
CVE-2016-7955
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2017-03-15T16:59:00.237 · Last modified 2026-06-17T00:53:50.263

Summary

The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header.

Affected products

alienvault — ossim

Does this affect you?

Add your gear to cvedb and we'll alert you only when alienvault ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.