CVE-2014-5210

Alienvault Open Source Security Infor... - Code Injection

Title source: rule

Description

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.

Exploits (1)

exploitdb WORKING POC

by James Fitts · rubyremotelinux

https://www.exploit-db.com/exploits/42697

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://forums.alienvault.com/discussion/2690

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-14-294/

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-14-295/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/69239

Scores

EPSS 0.1697

EPSS Percentile 95.0%

Details

CWE

CWE-94

Status published

Products (29)

alienvault/open_source_security_information_management 1.0.4

alienvault/open_source_security_information_management 1.0.6

alienvault/open_source_security_information_management 2.1

alienvault/open_source_security_information_management 2.1.2

alienvault/open_source_security_information_management 2.1.5

alienvault/open_source_security_information_management 2.1.5-1

alienvault/open_source_security_information_management 2.1.5-2

alienvault/open_source_security_information_management 2.1.5-3

alienvault/open_source_security_information_management 3.1

alienvault/open_source_security_information_management 3.1.9

... and 19 more

Published Aug 21, 2014

Tracked Since Feb 18, 2026