|
|
|
Vulnerability Note VU#33433
Filemaker Pro 5.0v3 and below does not adequately protect web-enabled databases
OverviewFileMaker may expose data inadvertently.
I. Description FileMaker Web Companion prior to version 5.0v4 permits unauthorized access to data even if the database manager believes that data is protected by Field Level Security. II. ImpactAttackers can read information, including items such as passwords, stored in databases thought to be protected. III. SolutionUpgrade to 5.0v4 or later as described in http://www.filemaker.com/support/webcompanion_archive.html#may9. Systems Affected
| Vendor | Status | Date Updated |
|---|
| FileMaker | Vulnerable | 14-Dec-2000 |
References
http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html
http://www.filemaker.com/support/webcompanion_archive.html#may9
http://www.securityfocus.com/bid/1159
http://www.ciac.org/ciac/bulletins/k-038.shtml
http://www.securityfocus.com/advisories/2212
Credit
Our thanks to Erik C. Thauvin, of Blue World Communications, Inc., who reported this problem to us.
This document was written by Shawn V Hernan.
Other Information
| Date Public | 05/01/2000 |
| Date First Published | 12/14/2000 11:53:24 PM |
| Date Last Updated | 01/17/2001 |
| CERT Advisory | |
| CVE Name | CAN-2000-0385 |
| Metric | 12.00 |
| Document Revision | 10 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |
