CVE-2016-8581 — MEDIUM (6.1)

Q: How severe is CVE-2016-8581?

CVE-2016-8581 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-8581?

Check the references section above for vendor advisories and patch information. Affected products include: Alienvault Open Source Security Information And Event Management, Alienvault Unified Security Management.

Vulnerability Description

A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Alienvault	Open Source Security Information And Event Management	<= 5.3.1
Alienvault	Unified Security Management	<= 5.3.1

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2016-8581?

CVE-2016-8581 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the cu...

How severe is CVE-2016-8581?

CVE-2016-8581 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-8581?

Check the references section above for vendor advisories and patch information. Affected products include: Alienvault Open Source Security Information And Event Management, Alienvault Unified Security Management.