Lucene search

[email protected]NVD:CVE-2023-42955

HistoryMay 14, 2024 - 1:46 p.m.

CVE-2023-42955

2024-05-1413:46:21

CWE-257

[email protected]

web.nvd.nist.gov

claris international

resolved issue

password exposure

filemaker server

node.js socket

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the Node.js socket.

References

support.claris.com/s/article/Administrator-role-passwords-being-exposed-when-logged-into-the-Admin-Console?language=en_US

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2023-42955

cve1 cvelist1