CVE-2011-2654

EPSS 4.33%
Veröffentlicht 06.09.2011 15:55:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Novell ≫ Cloud Manager Updatepatch2 Version <= 1.1.2

Novell ≫ Cloud Manager Version1.1.2

Novell ≫ Cloud Manager Version1.1.2 Updatepatch1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.33%	0.884

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://download.novell.com/Download?buildid=NSONlV5PqMo~

http://secunia.com/advisories/45845

Vendor Advisory

http://www.securityfocus.com/bid/49432

http://www.securitytracker.com/id?1026006

http://zerodayinitiative.com/advisories/ZDI-11-278/

https://nvd.nist.gov/vuln/detail/CVE-2011-2654

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2654

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2654

EUVD