Intrusion Prevention

AlienVault.USM.OSSIM.GetDirectiveK.DirectiveId.SQL.Injection

Description

This indicates an attempt to exploit a SQL injection vulnerability in AlienVault Unified Security Management (USM) and Open Source SIEM (OSSIM).
The vulnerability is due to insufficient sanitization of user-supplied input in the application. A remote attacker could exploit this to execute arbitrary commands as root via a crafted request.

Affected Products

AlienVault OSSIM prior to 5.2.4
AlienVault Unified Security Management prior to 5.2.4

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the latest update from the vendor.
https://www.alienvault.com/forums/discussion/7110/

Other References

ZDI-16-505 7110