{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-11-09T00:00:00", "descriptions": [{"lang": "en", "value": "ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20101109 IBM OmniFind - several vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded"}, {"name": "44740", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/44740"}, {"tags": ["x_refsource_MISC"], "url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt"}, {"name": "ADV-2010-2933", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2933"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3897", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20101109 IBM OmniFind - several vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded"}, {"name": "44740", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44740"}, {"name": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", "refsource": "MISC", "url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt"}, {"name": "ADV-2010-2933", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2933"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3897", "datePublished": "2010-11-12T21:00:00", "dateReserved": "2010-10-12T00:00:00", "dateUpdated": "2018-10-10T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*", "matchCriteriaId": "96D7BDA2-53EE-44A5-BA8E-DC1224B8B8E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:*:*:*:*:*", "matchCriteriaId": "C73CA22A-FD69-43A1-AFC8-03A82D971AB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:*:*:*:*:*", "matchCriteriaId": "6929217A-6689-460E-88AC-919B26A5C328", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:omnifind:9.0:-:enterprise:*:*:*:*:*", "matchCriteriaId": "C955D88D-7E06-43EF-B7F8-5B059519E01B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:omnifind:9.1:-:enterprise:*:*:*:*:*", "matchCriteriaId": "8447721A-AE84-4AD5-A15A-51248887B65E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file."}, {"lang": "es", "value": "ESSearchApplication/palette.do en IBM OmniFind Enterprise Edition v8.x y v9.x incluye el password de administrador en el c\u00f3digo fuente HTML, lo que puede permitir a atacantes remotos obtener informaci\u00f3n sensible aprovechando la lectura de acceso a dicho archivo. \r\n"}], "id": "CVE-2010-3897", "lastModified": "2018-10-10T20:06:00.903", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-11-12T22:00:02.327", "references": [{"source": "cve@mitre.org", "url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/44740"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2933"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}