Vulnerability Description
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Data Synchronizer | 1.0.0 |
| Novell | Mobility Pack | 1.0 |
Related Weaknesses (CWE)
References
- http://www.novell.com/support/viewContent.do?externalId=7009057Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69167
- http://www.novell.com/support/viewContent.do?externalId=7009057Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69167
FAQ
What is CVE-2011-3014?
CVE-2011-3014 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensiti...
How severe is CVE-2011-3014?
CVE-2011-3014 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3014?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Data Synchronizer, Novell Mobility Pack.