Description
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."
Comment
Per: https://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
Vulnerable configurations
Configuration 1: version up to 4.85 (inclusive)
One of
cpe:2.3:a:suse:kiwi:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:studio_extension_for_system_z:1.2:*:*:*:*:*:*:*
cpe:2.3:a:suse:studio_onsite:1.2:*:*:*:*:*:*:*
EPSS
Percentile: 65%
0.00499
Low
7.5 High
CVSS2
Weaknesses
NVD-CWE-Other
Related vulnerabilities
github
more than 3 years ago
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."
EPSS
Percentile: 65%
0.00499
Low
7.5 High
CVSS2
Weaknesses
NVD-CWE-Other