CVE-2011-3014
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation.
Mobility Pack en versiones anteriores a la 1.2 de Novell Data Synchronizer 1.x hasta la 1.1.2 build 428 no restringe apropiadamente el "cacheo" de las respuestas HTTPS, lo que facilita a atacantes remotos obtener informaciĆ³n confidencial utilizando una estaciĆ³n de trabajo desatendida.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-08-09 CVE Reserved
- 2011-08-09 CVE Published
- 2024-08-06 CVE Updated
- 2024-11-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/69167 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.novell.com/support/viewContent.do?externalId=7009057 | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Novell Search vendor "Novell" | Data Synchronizer Search vendor "Novell" for product "Data Synchronizer" | 1.0.0 Search vendor "Novell" for product "Data Synchronizer" and version "1.0.0" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Data Synchronizer Search vendor "Novell" for product "Data Synchronizer" | 1.1.0 Search vendor "Novell" for product "Data Synchronizer" and version "1.1.0" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Data Synchronizer Search vendor "Novell" for product "Data Synchronizer" | 1.1.1 Search vendor "Novell" for product "Data Synchronizer" and version "1.1.1" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Data Synchronizer Search vendor "Novell" for product "Data Synchronizer" | 1.1.2 Search vendor "Novell" for product "Data Synchronizer" and version "1.1.2" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Mobility Pack Search vendor "Novell" for product "Mobility Pack" | 1.0 Search vendor "Novell" for product "Mobility Pack" and version "1.0" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Mobility Pack Search vendor "Novell" for product "Mobility Pack" | 1.1 Search vendor "Novell" for product "Mobility Pack" and version "1.1" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Mobility Pack Search vendor "Novell" for product "Mobility Pack" | 1.1.1 Search vendor "Novell" for product "Mobility Pack" and version "1.1.1" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Mobility Pack Search vendor "Novell" for product "Mobility Pack" | 1.1.2 Search vendor "Novell" for product "Mobility Pack" and version "1.1.2" | - |
Affected
| ||||||