CVE-2014-4151

Name of the Vulnerable Software and Affected Versions AlienVault OSSIM versions prior to 4.8.0

Description The issue allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set file request to the av-centerd SOAP service. This is due to a vulnerability in the Util.pm module.

Recommendations For versions prior to 4.8.0, update to version 4.8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the av-centerd SOAP service to minimize the risk of exploitation. Avoid using the set file request in the affected service until the issue is resolved.