CVE-2011-2654

Loading...

General

Score:9.3/10.0
Severity:High
Category:Input Validation Error

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Published on 06/09/11 - Updated on 06/10/11

Description

The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2011-2654
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2011-AVI-517

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
novellcloud_manager

Share this vulnerability with:

Twitter Facebook LinkedIn Mail