CVE-2011-2654

The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session.

Published: Sep 6, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-2654
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
novell / cloud_manager	1.1.2-patch1	1.1.2-patch1.x
novell / cloud_manager	1.1.2	1.1.2.x
novell / cloud_manager	-	1.1.2.x

http://download.novell.com/Download?buildid=NSONlV5PqMo~
http://secunia.com/advisories/45845
http://www.securityfocus.com/bid/49432
http://www.securitytracker.com/id?1026006
http://zerodayinitiative.com/advisories/ZDI-11-278/

Vulnerability Database

289,599

CVE-2011-2654