CVE-2014-4151

AlienVault OSSIM < 4.8.0 - Remote Code Execution via av-centerd SOAP set_file Request

Title source: llm
STIX 2.1

Description

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
http://forums.alienvault.com/discussion/2806
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-205/
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59112

Scores

EPSS 0.0732
EPSS Percentile 93.6%

Details

CWE
CWE-94
Status published
Products (7)
alienvault/open_source_security_information_management 4.0
alienvault/open_source_security_information_management 4.3.3
alienvault/open_source_security_information_management 4.4
alienvault/open_source_security_information_management 4.5
alienvault/open_source_security_information_management 4.6
alienvault/open_source_security_information_management 4.6.1
alienvault/open_source_security_information_management < 4.7.0
Published Jun 18, 2014
Tracked Since Feb 18, 2026