
CVSS: 4.3 • EPSS: 0% • CPEs: 8 • EXPL: 0

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
• http://secunia.com/advisories/45527
• http://www.novell.com/support/viewContent.do?externalId=7009058
• http://www.securityfocus.com/bid/49069
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 8 • EXPL: 0

Session fixation vulnerability in WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to hijack web sessions via unspecified vectors.
• http://secunia.com/advisories/45527
• http://www.novell.com/support/viewContent.do?externalId=7009054
• http://www.securityfocus.com/bid/49069

CVSS: 5.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors.
• http://secunia.com/advisories/45527
• http://www.novell.com/support/viewContent.do?externalId=7009053
• http://www.securityfocus.com/bid/49069
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
• http://secunia.com/advisories/45527
• http://www.novell.com/support/viewContent.do?externalId=7009055
• http://www.securityfocus.com/bid/49069
• CWE-310: Cryptographic Issues

CVSS: 5.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack.
• http://www.novell.com/support/viewContent.do?externalId=7009056
• https://exchange.xforce.ibmcloud.com/vulnerabilities/69168
• CWE-310: Cryptographic Issues