Vulnerabilities > CVE-2010-3897 - Credentials Management vulnerability in IBM Omnifind

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ibm

CWE-255

NVD

Published: 2010-11-12

Updated: 2018-10-10

Summary

ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Omnifind 8.0 IBM Omnifind 8.4 IBM Omnifind 8.5 IBM Omnifind 9.0 IBM Omnifind 9.1	5

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Packetstorm

data source	https://packetstormsecurity.com/files/download/95687/ibmomnifind-xssescalate.txt
id	PACKETSTORM:95687
last seen	2016-12-05
published	2010-11-10
reporter	Fatih Kilic
source	https://packetstormsecurity.com/files/95687/IBM-OmniFind-Cross-Site-Scripting-Privilege-Escalation.html
title	IBM OmniFind Cross Site Scripting / Privilege Escalation

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References