CVE-2009-4372

Published: Dec 21, 2009Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/.

Affected (4)

Products: Alienvault: Open Source Security Information Management

1 product

Open Source Security Information Management

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Alienvault Open Source Security Information Management	Version 2.1.5-1
Alienvault Open Source Security Information Management	Version 2.1.5-2
Alienvault Open Source Security Information Management	Version 2.1.5-3
Alienvault Open Source Security Information Management	Version 2.1.5

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://osvdb.org/61151

Source: cve@mitre.org

http://osvdb.org/61152

Source: cve@mitre.org

http://osvdb.org/61153

Source: cve@mitre.org

http://osvdb.org/61154

Source: cve@mitre.org

http://osvdb.org/61155

Source: cve@mitre.org

http://secunia.com/advisories/37727

Source: cve@mitre.org

Vendor Advisory

http://www.alienvault.com/community.php?section=News

Source: cve@mitre.org

Exploit

http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf

Source: cve@mitre.org

Exploit

http://www.exploit-db.com/exploits/10480

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/37375

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/54843

Source: cve@mitre.org

http://osvdb.org/61151

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/61152

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/61153

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/61154

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/61155

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/37727

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.alienvault.com/community.php?section=News

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.exploit-db.com/exploits/10480

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/37375

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/54843

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.