CVE-2011-3014

CWE-2643 documents3 sources
Severity
5.0MEDIUM
EPSS
0.3%
top 49.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Novell Data SynchronizerNovell Mobility Pack
Timeline
PublishedAug 9
Latest updateMay 17

Description

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDnovell/mobility_pack4 versions+3
NVDnovell/data_synchronizer4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-j9rr-f82w-2hc8: The Mobility Pack before 12022-05-17
CVEList
CVE-2011-3014: The Mobility Pack before 12011-08-09
CVE-2011-3014 (MEDIUM CVSS 5) | The Mobility Pack before 1.2 in Nov | cvebase.io