Vulnerability in SUSE Kiwi
CVE-2011-4192
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."
EPSS: 0.005 (66.3th percentile)
Affected products
- SUSE Kiwi
- SUSE Studio Extension for System z — versions 1.2
- SUSE Studio Onsite — versions 1.2
References
- SUSE-SU-2011:1324 (vendor-advisory, x_refsource_SUSE, Vendor Advisory)