CVE-2010-3897

CWE-2553 documents3 sources
Severity
5.0MEDIUM
EPSS
0.3%
top 47.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Omnifind
Timeline
PublishedNov 12
Latest updateMay 14

Description

ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/omnifind5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-pfxx-rj6r-jhrv: ESSearchApplication/palette2022-05-14
CVEList
CVE-2010-3897: ESSearchApplication/palette2010-11-12
CVE-2010-3897 (MEDIUM CVSS 5) | ESSearchApplication/palette.do in I | cvebase.io