Vulnerability Details : CVE-2011-2649
Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to execute arbitrary commands via shell metacharacters in an unspecified FileUtils function call.
Vulnerability category: Input validation
Products affected by CVE-2011-2649
- cpe:2.3:a:novell:suse_studio_onsite:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:marcus_schafer:kiwi:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2649
0.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 72 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2649
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2011-2649
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2649
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/69284
Kiwi FileUtils command execution CVE-2011-2649 Vulnerability Report
-
https://bugzilla.novell.com/show_bug.cgi?id=701815
Access Denied
-
http://support.novell.com/security/cve/CVE-2011-2649.html
CVE-2011-2649 | SUSE
-
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html
[security-announce] SUSE-SU-2011:0917-1: critical: Security update for k
-
http://www.securityfocus.com/bid/49236
Kiwi Multiple Remote Code Execution, HTML Injection and Local File Inclusion Vulnerabilities
Jump to