Описание
ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*
cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:*:*:*:*:*
cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:*:*:*:*:*
cpe:2.3:a:ibm:omnifind:9.0:-:enterprise:*:*:*:*:*
cpe:2.3:a:ibm:omnifind:9.1:-:enterprise:*:*:*:*:*
EPSS
Процентиль: 52%
0.00286
Низкий
5 Medium
CVSS2
Дефекты
CWE-255
Связанные уязвимости
github
больше 3 лет назад
ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file.
EPSS
Процентиль: 52%
0.00286
Низкий
5 Medium
CVSS2
Дефекты
CWE-255