Main Vulnerability Database Vulnerabilities #VU44796

Input validation error in SUSE Studio Onsite - CVE-2011-2651

Published: August 24, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU44796

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-2651

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Novell

Affected software:
SUSE Studio Onsite

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in the file browser in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename.

How to mitigate CVE-2011-2651

Install update from vendor's website.

Sources

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html
http://support.novell.com/security/cve/CVE-2011-2651.html
http://www.securityfocus.com/bid/49236
https://bugzilla.novell.com/show_bug.cgi?id=702041
https://exchange.xforce.ibmcloud.com/vulnerabilities/69286

Input validation error in SUSE Studio Onsite - CVE-2011-2651

Detailed vulnerability description

How to mitigate CVE-2011-2651

Sources

Please verify you're human