cpe:/a:alienvault:open_source_security_information_management:2.1.5 cpe:/a:alienvault:open_source_security_information_management:2.1.5-1 cpe:/a:alienvault:open_source_security_information_management:2.1.5-2 cpe:/a:alienvault:open_source_security_information_management:2.1.5-3 CVE-2009-4372 2009-12-21T11:30:00.717-05:00 2017-08-16T21:31:33.883-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-12-22T11:05:00.000-05:00 EXPLOIT-DB 10480 BID 37375 SECUNIA 37727 OSVDB 61151 OSVDB 61152 OSVDB 61153 OSVDB 61154 OSVDB 61155 CONFIRM http://www.alienvault.com/community.php?section=News MISC http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf XF ossim-uniqueid-command-execution(54843) AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/.