SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#33433

Filemaker Pro 5.0v3 and below does not adequately protect web-enabled databases

Overview

FileMaker may expose data inadvertently.

I. Description

 FileMaker Web Companion prior to version 5.0v4 permits unauthorized access to data even if the database manager believes that data is protected by Field Level Security.

II. Impact

Attackers can read information, including items such as passwords, stored in databases thought to be protected.

III. Solution

Upgrade to 5.0v4 or later as described in http://www.filemaker.com/support/webcompanion_archive.html#may9.

Systems Affected
VendorStatusDate Updated
FileMakerVulnerable14-Dec-2000

References


http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html
http://www.filemaker.com/support/webcompanion_archive.html#may9
http://www.securityfocus.com/bid/1159
http://www.ciac.org/ciac/bulletins/k-038.shtml
http://www.securityfocus.com/advisories/2212

Credit

Our thanks to Erik C. Thauvin, of Blue World Communications, Inc., who reported this problem to us.

This document was written by Shawn V Hernan.

Other Information

Date Public05/01/2000
Date First Published12/14/2000 11:53:24 PM
Date Last Updated01/17/2001
CERT Advisory 
CVE-ID(s)CAN-2000-0385
NVD-ID(s)CAN-2000-0385
US-CERT Technical Alerts 
Metric12.00
Document Revision10

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2000 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader