CVE-2010-3897

ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
http://www.securityfocus.com/bid/44740
http://www.vupen.com/english/advisories/2010/2933	Vendor Advisory
http://www.securityfocus.com/archive/1/514688/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:omnifind:9.0:-:enterprise:::::*
	cpe:2.3:a:ibm:omnifind:9.1:-:enterprise:::::*
	cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:::::*
	cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:::::*
	cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:::::*

Information

Published : 2010-11-12 14:00

Updated : 2018-10-10 13:06

NVD link : CVE-2010-3897

Mitre link : CVE-2010-3897

JSON object : View

CWE

CWE-255

Credentials Management Errors

Advertisement

Products Affected

ibm

omnifind

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", "name": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/44740", "name": "44740", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2010/2933", "name": "ADV-2010-2933", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded", "name": "20101109 IBM OmniFind - several vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-3897", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-11-12T22:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:omnifind:9.0:-:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:omnifind:9.1:-:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-10T20:06Z"}