CVE-2014-3805
Alienvault Open Source Security Infor... - Code Injection
Title source: ruleDescription
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Alfredo Ramirez · perlremotelinux
https://www.exploit-db.com/exploits/33805
References (5)
Scores
EPSS
0.3650
EPSS Percentile
97.1%
Details
CWE
CWE-94
Status
published
Products (17)
alienvault/open_source_security_information_management
4.0
alienvault/open_source_security_information_management
4.0.3
alienvault/open_source_security_information_management
4.0.4
alienvault/open_source_security_information_management
4.1
alienvault/open_source_security_information_management
4.1.2
alienvault/open_source_security_information_management
4.1.3
alienvault/open_source_security_information_management
4.2
alienvault/open_source_security_information_management
4.2.2
alienvault/open_source_security_information_management
4.2.3
alienvault/open_source_security_information_management
4.3
... and 7 more
Published
Jun 13, 2014
Tracked Since
Feb 18, 2026