The av-centerd SOAP service in AlienVault OSSIM prior to 4.7.0 allows remote malicious users to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
alienvault open source security information management |
||
alienvault open source security information management 4.6 |
||
alienvault open source security information management 4.1.2 |
||
alienvault open source security information management 4.1.3 |
||
alienvault open source security information management 4.2 |
||
alienvault open source security information management 4.3.3 |
||
alienvault open source security information management 4.0.3 |
||
alienvault open source security information management 4.3 |
||
alienvault open source security information management 4.3.1 |
||
alienvault open source security information management 4.0 |
||
alienvault open source security information management 4.0.4 |
||
alienvault open source security information management 4.1 |
||
alienvault open source security information management 4.3.2 |
||
alienvault open source security information management 4.5 |
||
alienvault open source security information management 4.4 |
||
alienvault open source security information management 4.2.2 |
||
alienvault open source security information management 4.2.3 |
Vulmon