CVE-2014-4153
high
CVSS v3
—
CVSS v2
7.8
VIR risk
7.8
Description
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://forums.alienvault.com/discussion/2806
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| alienvault | open_source_security_information_management | {"endIncluding":"4.7.0"} | |
| alienvault | open_source_security_information_management | 4.0 | |
| alienvault | open_source_security_information_management | 4.3.3 | |
| alienvault | open_source_security_information_management | 4.4 | |
| alienvault | open_source_security_information_management | 4.5 | |
| alienvault | open_source_security_information_management | 4.6 | |
| alienvault | open_source_security_information_management | 4.6.1 | |
References
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.