CVE-2014-3805

Опубликовано: 13 июн. 2014

Источник: nvd

CVSS2: 10

EPSS Средний

Описание

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*

Версия до 4.6.1 (включая)

cpe:2.3:a:alienvault:open_source_security_information_management:4.0:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:4.1:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:4.2:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:4.3:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:4.3.2:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:4.3.3:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:4.4:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:4.5:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:4.6:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.36505

Средний

10 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-f68v-p32j-mqvq

github

больше 3 лет назад