{"vuid":"VU#33433","idnumber":"33433","name":"Filemaker Pro 5.0v3 and below does not adequately protect web-enabled databases","keywords":["Filemaker Pro","database","web","XML","security","web companion"],"overview":"FileMaker may expose data inadvertently.","clean_desc":"FileMaker Web Companion prior to version 5.0v4 permits unauthorized access to data even if the database manager believes that data is protected by Field Level Security.","impact":"Attackers can read information, including items such as passwords, stored in databases thought to be protected.","resolution":"Upgrade to 5.0v4 or later as described in http://www.filemaker.com/support/webcompanion_archive.html#may9.","workarounds":"","sysaffected":"","thanks":"Our thanks to Erik C. Thauvin, of Blue World Communications, Inc., who reported this problem to us.","author":"This document was written by Shawn V Hernan.","public":["http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html","http://www.filemaker.com/support/webcompanion_archive.html#may9","http://www.securityfocus.com/bid/1159","http://www.ciac.org/ciac/bulletins/k-038.shtml","http://www.securityfocus.com/advisories/2212"],"cveids":["CVE-2000-0385"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2000-05-05T16:45:30Z","publicdate":"2000-05-01T00:00:00Z","datefirstpublished":"2000-12-15T04:52:52Z","dateupdated":"2001-01-17T05:16:29Z","revision":10,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"8","cam_impact":"8","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"12","cam_scorecurrentwidelyknown":"14.4","cam_scorecurrentwidelyknownexploited":"24","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":12.0,"vulnote":null}