Vulnerabilities for Data synchronizer (...) - CXSECURITY.COM

Vulnerabilities for 'Data synchronizer'

2011-08-09

CVE-2011-3014

CWE-264

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation.

CVE-2011-3013

CWE-310

WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVE-2011-2224

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

CVE-2011-2223

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

CVE-2011-2222

Session fixation vulnerability in WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to hijack web sessions via unspecified vectors.

CVE-2011-2221

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors.

2011-06-08

CVE-2011-1711

CWE-noinfo

Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors.

>>> Vendor: Novell 111 Products

Netware ftp server

Groupwise webaccess

Small business suite

Zenworks desktops

Internet messaging system

Client firewall

Zenworks remote management

Zenworks server management

Zenworks servers

Open enterprise server

Zenworks patch management server

Groupwise messenger

Identity manager

Zenworks asset management

Apache http server

Access manager identity server

Extend director

Modular authentication service

Client login extension (cle)

Zenworks endpoint security management

Zenworks patch management update agent

Challenge response client

Novell client for windows

Zenworks desktop management

Identity manager roles based provisioning module

User application

Netidentity client1.2.3

Suse linux enterprise server

Suse lifecycle management server

Zenworks configuration management

Zenworks handheld management

Zenworks configuration manager

Iprint open enterprise server

Opensuse build service

Suse linux enterprise

Opensuse factory

Identity manager user application

Xtier framework

Data synchronizer

File reporter engine

Suse studio onsite

Iprint open enterprise server 2

Sentinel log manager

Suse audit log keeper

Zenworks mobile management

Suse linux enterprise desktop

Suse linux software development kit

Suse linux enterprise for sap applications

Suse linux enterprise software development kit

Suse linux for vmware

Suse linux enterprise module for legacy software

Suse manager proxy

Suse openstack cloud

Suse package hub for suse linux enterprise

Suse linux enterprise debuginfo

Suse linux enterprise real time extension

Suse linux enterprise live patching

See all Products for Vendor Novell

Copyright 2024, cxsecurity.com