CVE-2014-4152
Published 2014-06-18
Priority P356 · critical · 10 (CVSS 2.0) · AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 5.79% (92.2th percentile)
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alienvault | open_source_security_information_management | <= 4.7.0 | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
| alienvault | open_source_security_information_management | — | — |
CVSS provenance
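| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| ghsa | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |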
GHSA
GHSA-328r-mqrg-8jf9: The av-centerd SOAP service in AlienVault OSSIM before 4
ghsa_unreviewed·2022-05-17
CVE-2014-4152 [HIGH] CWE-94 GHSA-328r-mqrg-8jf9: The av-centerd SOAP service in AlienVault OSSIM before 4
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.
GHSA
Cross-Site Request Forgery in Spring Framework
ghsa·2022-05-13·CVSS 6.8
CVE-2014-0054 [MEDIUM] CWE-352 Cross-Site Request Forgery in Spring Framework
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
Red Hat
Framework: incomplete fix for CVE-2013-7315/CVE-2013-6429
vendor_redhat·2014-01-31·CVSS 6.8
CVE-2014-0054 [MEDIUM] Framework: incomplete fix for CVE-2013-7315/CVE-2013-6429
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
Statement: The Red Hat Security Response Team has rated this issue as having Moderate security impact. OpenShift Enterprise 1 is currently in the Production 1 phase of its lifecycle, as such this issue is not currently planned to be addressed in future updates. For additional information, refer to the Sat