Skip to main content

Open Source Security Information Management CVE-2014-5383

MEDIUM
SQL Injection (CWE-89)
2014-08-21 cve@mitre.org
6.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Aug 21, 2014 - 14:55 cve.org
MEDIUM 6.5

DescriptionCVE.org

SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

AnalysisAI

SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.9%.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Affected products include: Alienvault Open Source Security Information Management. Version information: before 4.7.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2014-3804 CRITICAL POC
10.0 Jun 13

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a

CVE-2014-3805 CRITICAL POC
10.0 Jun 13

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a

CVE-2013-5967 HIGH POC
7.5 Oct 09

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier

CVE-2014-5210 CRITICAL POC
10.0 Aug 21

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a

CVE-2012-3835 MEDIUM POC
4.3 Jul 03

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.

CVE-2014-4153 HIGH POC
7.8 Jun 18

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a craft

CVE-2015-4046 HIGH POC
7.2 May 23

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary comm

CVE-2014-4152 CRITICAL
10.0 Jun 18

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a cra

CVE-2014-4151 CRITICAL
10.0 Jun 18

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execu

CVE-2013-5321 HIGH POC
7.5 Aug 20

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remot

CVE-2014-5158 CRITICAL
10.0 Aug 21

The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 a

CVE-2012-3834 MEDIUM POC
6.5 Jul 03

SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OS

Share

CVE-2014-5383 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy