Vulnerability Details : CVE-2011-3014
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation.
Exploit prediction scoring system (EPSS) score for CVE-2011-3014
Probability of exploitation activity in the next 30 days: 0.35%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-3014
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-3014
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3014
-
http://www.novell.com/support/viewContent.do?externalId=7009057
Cacheable HTTPS ResponseVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/69167
Novell Data Synchronize Mobility Pack information disclosure CVE-2011-3014 Vulnerability Report
Products affected by CVE-2011-3014
- cpe:2.3:a:novell:mobility_pack:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:novell:mobility_pack:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:novell:mobility_pack:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:novell:mobility_pack:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:novell:data_synchronizer:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:novell:data_synchronizer:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:novell:data_synchronizer:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:novell:data_synchronizer:1.1.2:*:*:*:*:*:*:*