Kaspersky LabKLA10156KLA10156 Multiple vulnerabilities in FileMaker
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
46.0%
Multiple serious vulnerabilities have been found in FileMaker. Malicious users can exploit these vulnerabilities to obtain sensitive information or inject scripts. Below is a complete list of vulnerabilities
- Lack of X.509 certificate verification can be exploited remotely via a specially designed certificate.
- Unspecified vectors can be exploited remotely via XSS.
Original advisories
Related products
CVE list
CVE-2013-3640 warning
CVE-2013-2319 high
Solution
Update to latest version
Impacts
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- CI
Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.
Affected Products
- FileMaker Pro versions 11.0v4 and earlierFileMaker AdvancedΒ versions 11.0v4 and earlier
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
46.0%