CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2011-3014
https://notcve.org/view.php?id=CVE-2011-3014
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation. Mobility Pack en versiones anteriores a la 1.2 de Novell Data Synchronizer 1.x hasta la 1.1.2 build 428 no restringe apropiadamente el "cacheo" de las respuestas HTTPS, lo que facilita a atacantes remotos obtener información confidencial utilizando una estación de trabajo desatendida. • http://www.novell.com/support/viewContent.do?externalId=7009057 https://exchange.xforce.ibmcloud.com/vulnerabilities/69167 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2011-1711
https://notcve.org/view.php?id=CVE-2011-1711
Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors. Vulnerabilidad no especificada en el Mobility Pack v1.1.2 y anteriores en Novell Data Synchronizer v1.0.x, y v1.1.x hasta v1.1.1 build 428, permite a usuarios remotos autenticados a acceder a las cuentas de otros usuarios a través de vectores desconocidos. • http://osvdb.org/72759 http://secunia.com/advisories/44864 http://www.novell.com/support/viewContent.do?externalId=7008690 http://www.securityfocus.com/bid/48117 http://www.securitytracker.com/id?1025608 https://exchange.xforce.ibmcloud.com/vulnerabilities/67840 •