Authentication Bypass in Novell Data Synchronizer Mobility Pack
CVE-2011-2221

Currently unrated

Key Information:

Vendor: Novell
Status: Mobility Pack; Data Synchronizer
Vendor: CVE Published:; 9 August 2011

Summary

The Mobility Pack in Novell Data Synchronizer 1.x versions up to and including 1.1.2 build 428 is susceptible to an authentication bypass vulnerability. This flaw allows remote attackers to gain unauthorized access to the WebAdmin interface, enabling them to retrieve sensitive GroupWise information through unspecified methods. It poses significant risks to the confidentiality and integrity of user data.

References

http://secunia.com/advisories/45527

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/49069

vdb-entryx_refsource_BID

http://www.novell.com/support/viewContent.do?externalId=7...

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 9, 2011
Vulnerability Reserved
Jun 2, 2011