A couple of vulnerabilities were discovered in the underlying OS packages in AlienVault v4.14 and lower. These vulnerabilities have been confirmed and fixed in AlienVault v4.15. AlienVault encourages customers to upgrade to v4.15 to eliminate these vulnerabilities.

OpenVAS Security Update (CVE-2014-9220)
AlienVault ID: ENG-98226
Description: SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
CVE ID: CVE-2014-9220
CVSS v2 Base Score: 7.5
CVSS v2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Agent Vulnerability (ZDI-CAN-2630)
AlienVault ID: ENG-98435
Description: AlienVault Unified Security Management Plugin Remote Code Execution Vulnerability - The Framework Daemon on the USM listens on port 40003 to communicate with its agents. This daemon facilitates communication with agents and allows unauthorized users to issue predefined commands to them by connecting to the AlienVault USM.
Credit: Spencer McIntyre working with HP's Zero Day Initiative
CVSS v2 Base Score: 9.3
CVSS v2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)