Session Fixation Vulnerability in Novell Data Synchronizer WebAdmin
CVE-2011-2222

Currently unrated

Key Information:

Vendor: Novell
Status: Mobility Pack; Data Synchronizer
Vendor: CVE Published:; 9 August 2011

What is CVE-2011-2222?

A session fixation vulnerability exists in the WebAdmin interface of Novell Data Synchronizer's Mobility Pack prior to version 1.2. This flaw enables remote attackers to hijack web sessions, potentially leading to unauthorized access and manipulation of user data. The issue arises due to unspecified vectors that can be exploited by attackers to impose a valid session ID onto a victim, thereby compromising session security.

References

http://secunia.com/advisories/45527

third-party-advisoryx_refsource_SECUNIA

http://www.novell.com/support/viewContent.do?externalId=7...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/49069

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 9, 2011
Vulnerability Reserved
Jun 2, 2011