CVE-2011-2654

EPSS 4.33%
Published 06.09.2011 15:55:02
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Novell ≫ Cloud Manager Updatepatch2 Version <= 1.1.2

Novell ≫ Cloud Manager Version1.1.2

Novell ≫ Cloud Manager Version1.1.2 Updatepatch1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.33%	0.884

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://download.novell.com/Download?buildid=NSONlV5PqMo~

http://secunia.com/advisories/45845

Vendor Advisory

http://www.securityfocus.com/bid/49432

http://www.securitytracker.com/id?1026006

http://zerodayinitiative.com/advisories/ZDI-11-278/

https://nvd.nist.gov/vuln/detail/CVE-2011-2654

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2654

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2654

EUVD