Vulnerability Description
ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Omnifind | 8.0 |
Related Weaknesses (CWE)
References
- http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
- http://www.securityfocus.com/archive/1/514688/100/0/threaded
- http://www.securityfocus.com/bid/44740
- http://www.vupen.com/english/advisories/2010/2933Vendor Advisory
- http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
- http://www.securityfocus.com/archive/1/514688/100/0/threaded
- http://www.securityfocus.com/bid/44740
- http://www.vupen.com/english/advisories/2010/2933Vendor Advisory
FAQ
What is CVE-2010-3897?
CVE-2010-3897 is a vulnerability with a CVSS score of 5.0 (MEDIUM). ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive inform...
How severe is CVE-2010-3897?
CVE-2010-3897 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3897?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Omnifind.