CVE-2010-3897 - Credentials Management vulnerability in IBM Omnifind
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/95687/ibmomnifind-xssescalate.txt |
id | PACKETSTORM:95687 |
last seen | 2016-12-05 |
published | 2010-11-10 |
reporter | Fatih Kilic |
source | https://packetstormsecurity.com/files/95687/IBM-OmniFind-Cross-Site-Scripting-Privilege-Escalation.html |
title | IBM OmniFind Cross Site Scripting / Privilege Escalation |
References
- http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
- http://www.securityfocus.com/archive/1/514688/100/0/threaded
- http://www.securityfocus.com/bid/44740
- http://www.vupen.com/english/advisories/2010/2933