CVE-2011-4192 : kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Stud

kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

Published 2014-04-16 18:37:11

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2011-4192

Suse » Studio Onsite » Version: 1.2
cpe:2.3:a:suse:studio_onsite:1.2:*:*:*:*:*:*:*
Matching versions
Suse » Studio Extension For System Z » Version: 1.2
cpe:2.3:a:suse:studio_extension_for_system_z:1.2:*:*:*:*:*:*:*
Matching versions
Suse » Kiwi
Versions up to, including, (<=) 4.85
cpe:2.3:a:suse:kiwi:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-4192

EPSS FAQ

0.50%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 63 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-4192

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2011-4192

http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00015.html

[security-announce] SUSE-SU-2011:1324-1: critical: Security update for S
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2011-4192

Products affected by CVE-2011-4192

Exploit prediction scoring system (EPSS) score for CVE-2011-4192

CVSS scores for CVE-2011-4192

References for CVE-2011-4192