CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
97.2%
The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session.
Vendor | Product | Version | CPE |
---|---|---|---|
novell | cloud_manager | * | cpe:2.3:a:novell:cloud_manager:*:patch2:*:*:*:*:*:* |
novell | cloud_manager | 1.1.2 | cpe:2.3:a:novell:cloud_manager:1.1.2:*:*:*:*:*:*:* |
novell | cloud_manager | 1.1.2 | cpe:2.3:a:novell:cloud_manager:1.1.2:patch1:*:*:*:*:*:* |