CVE-2010-3897 - Credentials Management vulnerability in IBM Omnifind
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/95687/ibmomnifind-xssescalate.txt |
id | PACKETSTORM:95687 |
last seen | 2016-12-05 |
published | 2010-11-10 |
reporter | Fatih Kilic |
source | https://packetstormsecurity.com/files/95687/IBM-OmniFind-Cross-Site-Scripting-Privilege-Escalation.html |
title | IBM OmniFind Cross Site Scripting / Privilege Escalation |