Vulnerability Details : CVE-2011-2654
The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session.
Vulnerability category: Input validation, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2011-2654
Probability of exploitation activity in the next 30 days: 29.36%
Percentile, the proportion of vulnerabilities that are scored at or less: ~96%
CVSS scores for CVE-2011-2654
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
CWE ids for CVE-2011-2654
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2654
- http://download.novell.com/Download?buildid=NSONlV5PqMo~
  Downloads - Cloud Manager 1.1.X / PlateSpin Orchestrate 2.6.0 Patch3
- http://www.securityfocus.com/bid/49432
  Novell Cloud Manager/PlateSpin Orchestrate Unspecified Remote Code Execution Vulnerability
- http://zerodayinitiative.com/advisories/ZDI-11-278/
  ZDI-11-278 | Zero Day Initiative
- http://www.securitytracker.com/id?1026006
  Novell Cloud Manager RPC Processing Error Lets Remote Users Execute Arbitrary Code - SecurityTracker
Products affected by CVE-2011-2654
- cpe:2.3:a:novell:cloud_manager:*:patch2:*:*:*:*:*:*
- cpe:2.3:a:novell:cloud_manager:1.1.2:patch1:*:*:*:*:*:*
- cpe:2.3:a:novell:cloud_manager:1.1.2:*:*:*:*:*:*:*