Описание
The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.2 (включая)
Одно из
cpe:2.3:a:novell:cloud_manager:*:patch2:*:*:*:*:*:*
cpe:2.3:a:novell:cloud_manager:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:novell:cloud_manager:1.1.2:patch1:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03508
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session.
EPSS
Процентиль: 87%
0.03508
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-20