Key information about the vulnerability:

CVE ID: CVE-2014-5158

CVSS Score: 10.0

Affected Vendors: AlienVault

Affected Products: OSSIM

Vulnerability Details:
- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability.
- The specific flaw exists within the av-centerd SOAP service. The service fails to sanitize user-supplied data in a request before using it to execute a command. An attacker could leverage this vulnerability to execute code with root privileges.

Additional Details:
- AlienVault has issued an update to correct this vulnerability. More details can be found at: http://forums.alienvault.com/discussion/2559/security-advisory-multiple-vulnerabilities

Disclosure Timeline:
- 2014-05-25 - Vulnerability reported to vendor
- 2014-08-01 - Coordinated public release of advisory

Credit: grimmlin