Skip to main content

Open Source Security Information Management CVE-2014-5158

CRITICAL
Code Injection (CWE-94)
2014-08-21 cve@mitre.org
10.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Aug 21, 2014 - 14:55 cve.org
CRITICAL 10.0

DescriptionCVE.org

The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.

AnalysisAI

The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors. Affected products include: Alienvault Open Source Security Information Management. Version information: before 4.6.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2014-3804 CRITICAL POC
10.0 Jun 13

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a

CVE-2014-3805 CRITICAL POC
10.0 Jun 13

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a

CVE-2013-5967 HIGH POC
7.5 Oct 09

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier

CVE-2014-5210 CRITICAL POC
10.0 Aug 21

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a

CVE-2014-5383 MEDIUM POC
6.5 Aug 21

SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL

CVE-2012-3835 MEDIUM POC
4.3 Jul 03

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.

CVE-2014-4153 HIGH POC
7.8 Jun 18

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a craft

CVE-2015-4046 HIGH POC
7.2 May 23

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary comm

CVE-2014-4152 CRITICAL
10.0 Jun 18

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a cra

CVE-2014-4151 CRITICAL
10.0 Jun 18

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execu

CVE-2013-5321 HIGH POC
7.5 Aug 20

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remot

CVE-2012-3834 MEDIUM POC
6.5 Jul 03

SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OS

Share

CVE-2014-5158 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy