Lucene search
HistoryApr 16, 2014 - 6:37 p.m.
CVE-2011-4195
cve-2011-4195
kiwi
suse studio onsite
suse studio extension
arbitrary command execution
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
83.1%
kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name.
Affected configurations
Node
susekiwiRange≤4.98.04
ORsusestudio_extension_for_system_zMatch1.2
ORsusestudio_onsiteMatch1.2
Related
prion
prion
Design/Logic Flaw
2014-04-16 18:37:00
nvd
nvd
CVE-2011-4195
2014-04-16 18:37:11
cvelist
cvelist
CVE-2011-4195
2014-04-16 18:00:00
suse
suse
Security update for SUSE Studio Onsite 1.2 and kiwi (critical)
2011-12-15 01:08:52
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
83.1%
Related for CVE-2011-4195