Skip to main content

Open Source Security Information Management CVE-2014-4153

HIGH
Information Exposure (CWE-200)
2014-06-18 cve@mitre.org
7.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:N/AC:L/Au:N/C:C/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:C/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 18, 2014 - 19:55 cve.org
HIGH 7.8

DescriptionCVE.org

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request.

AnalysisAI

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. Affected products include: Alienvault Open Source Security Information Management. Version information: before 4.8.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2014-3804 CRITICAL POC
10.0 Jun 13

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a

CVE-2014-3805 CRITICAL POC
10.0 Jun 13

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a

CVE-2013-5967 HIGH POC
7.5 Oct 09

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier

CVE-2014-5210 CRITICAL POC
10.0 Aug 21

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a

CVE-2014-5383 MEDIUM POC
6.5 Aug 21

SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL

CVE-2012-3835 MEDIUM POC
4.3 Jul 03

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.

CVE-2015-4046 HIGH POC
7.2 May 23

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary comm

CVE-2014-4152 CRITICAL
10.0 Jun 18

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a cra

CVE-2014-4151 CRITICAL
10.0 Jun 18

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execu

CVE-2013-5321 HIGH POC
7.5 Aug 20

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remot

CVE-2014-5158 CRITICAL
10.0 Aug 21

The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 a

CVE-2012-3834 MEDIUM POC
6.5 Jul 03

SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OS

Share

CVE-2014-4153 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy