CVE-2011-2221

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.novell.com/support/viewContent.do?externalId=7009053	Vendor Advisory
http://secunia.com/advisories/45527	Vendor Advisory
http://www.securityfocus.com/bid/49069

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:novell:mobility_pack:1.1.1:::::::*
	cpe:2.3:a:novell:mobility_pack:1.1.2:::::::*
	cpe:2.3:a:novell:data_synchronizer:1.0.0:::::::*
	cpe:2.3:a:novell:data_synchronizer:1.1.0:::::::*
	cpe:2.3:a:novell:data_synchronizer:1.1.1:::::::*
	cpe:2.3:a:novell:mobility_pack:1.1:::::::*
	cpe:2.3:a:novell:data_synchronizer:1.1.2:::::::*
	cpe:2.3:a:novell:mobility_pack:1.0:::::::*

Information

Published : 2011-08-09 15:55

Updated : 2015-10-29 08:50

NVD link : CVE-2011-2221

Mitre link : CVE-2011-2221

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

novell

data_synchronizer
mobility_pack

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.novell.com/support/viewContent.do?externalId=7009053", "name": "http://www.novell.com/support/viewContent.do?externalId=7009053", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/45527", "name": "45527", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/49069", "name": "49069", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-2221", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-08-09T22:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:novell:mobility_pack:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:mobility_pack:1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:data_synchronizer:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:data_synchronizer:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:data_synchronizer:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:mobility_pack:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:data_synchronizer:1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:mobility_pack:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2015-10-29T15:50Z"}