CVE-2014-3804

Published: Jun 13, 2014Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.

Affected (17)

Products: Alienvault: Open Source Security Information Management

Alienvault

1 product

Open Source Security Information Management

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Alienvault Open Source Security Information Management	Up to 4.6.1
Alienvault Open Source Security Information Management	Version 4.0.3
Alienvault Open Source Security Information Management	Version 4.0.4
Alienvault Open Source Security Information Management	Version 4.0
Alienvault Open Source Security Information Management	Version 4.1.2
Alienvault Open Source Security Information Management	Version 4.1.3
Alienvault Open Source Security Information Management	Version 4.1
Alienvault Open Source Security Information Management	Version 4.2.2
Alienvault Open Source Security Information Management	Version 4.2.3
Alienvault Open Source Security Information Management	Version 4.2
Alienvault Open Source Security Information Management	Version 4.3.1
Alienvault Open Source Security Information Management	Version 4.3.2
Alienvault Open Source Security Information Management	Version 4.3.3
Alienvault Open Source Security Information Management	Version 4.3
Alienvault Open Source Security Information Management	Version 4.4
Alienvault Open Source Security Information Management	Version 4.5
Alienvault Open Source Security Information Management	Version 4.6