PT-2011-4003 · Novell · Novell Cloud Manager

Published

2011-09-02

Updated

2011-10-06

CVE-2011-2654

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Novell Cloud Manager version 1.1.2

Description The issue is related to the RPC implementation in the server, which does not properly initialize objects. This allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session.

Recommendations For Novell Cloud Manager version 1.1.2, apply Patch 3 to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2011-2654

ZDI-11-278

Affected Products

Novell Cloud Manager

PT-2011-4003 · Novell · Novell Cloud Manager

CVE-2011-2654

Weakness Enumeration

Related Identifiers

Affected Products

References · 7