| CVE ID | CVE-2011-2654 |
| CVSS SCORE | 9.3, AV:N/AC:M/Au:N/C:C/I:C/A:C |
| AFFECTED VENDORS |
Novell |
| AFFECTED PRODUCTS |
eDirectory |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC method. Due to incompletely initializing an object, the application will store a partially initialized session. This partially initialized session will allow one to make privileged RPC calls to the server. This can lead to code execution under the context of the service. |
| ADDITIONAL DETAILS |
Novell has issued an update to correct this vulnerability. More details can be found at:
http://download.novell.com/Download?buildid=NSONlV5PqMo~ |
| DISCLOSURE TIMELINE |
|
| CREDIT | 1c239c43f521145fa8385d64a9c32243 |
