CVE-2011-3014

Novell Data Synchronizer - Access Control

Title source: rule

Description

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation.

References (2)

[Vendor Advisory] http://www.novell.com/support/viewContent.do?externalId=7009057

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/69167

Scores

EPSS 0.0027

EPSS Percentile 50.5%

Classification

CWE

CWE-264

Status draft

Affected Products (8)

novell/data_synchronizer

novell/mobility_pack

Timeline

Published Aug 09, 2011

Tracked Since Feb 18, 2026