Vulnerability Name:

CVE-2011-1711 (CCN-67840)

Assigned:2011-06-03
Published:2011-06-03
Updated:2017-08-17
Summary:Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2011-1711

Source: OSVDB
Type: UNKNOWN
72759

Source: CCN
Type: SA44864
Novell Data Synchronizer Mobility Pack Unspecified Security Bypass Vulnerability

Source: SECUNIA
Type: Vendor Advisory
44864

Source: CCN
Type: Novell Document ID: 7008690
Novell Data Synchronizer Mobility Pack Unauthorized user access Security Vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.novell.com/support/viewContent.do?externalId=7008690

Source: CCN
Type: OSVDB ID: 72759
Novell Data Synchronizer Mobility Pack Unspecified User Account Access Bypass

Source: BID
Type: UNKNOWN
48117

Source: CCN
Type: BID-48117
Novell Data Synchronizer User Account Unspecified Unauthorized Access Vulnerability

Source: SECTRACK
Type: UNKNOWN
1025608

Source: XF
Type: UNKNOWN
novell-mobility-pack-unauth-access(67840)

Source: XF
Type: UNKNOWN
novell-mobility-pack-unauth-access(67840)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:novell:data_synchronizer:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:novell:data_synchronizer:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:novell:data_synchronizer:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:mobility_pack:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:mobility_pack:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:mobility_pack:*:*:*:*:*:*:*:* (Version <= 1.1.2)

    • Configuration CCN 1:
  • cpe:/a:novell:data_synchronizer:1.1.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    novell data synchronizer 1.0.0
    novell data synchronizer 1.1.0
    novell data synchronizer 1.1.1
    novell mobility pack 1.1
    novell mobility pack 1.1.1
    novell mobility pack *
    novell data synchronizer 1.1.2