J-Security Center

Title: FileMaker Pro 5.0 Web Companion Software Multiple Vulnerabilities

Severity: MODERATE

Description:

Web Companion software is part of the FileMaker Pro 5.0 database package. The package includes an XML publishing capability that does not make use of FileMaker Pro's web security features. As a result, any remote user can retrieve, via XML, any data from a web-connected database regardless of the web security settings on that data.

FileMaker Pro 5.0 also integrates email capabilities into web-based database applications. One of these features lets the contents of a database field be specified as the format for an email. This feature bypasses FileMaker Pro's normal web security and allows any remote web user to send any database content to any email address, regardless of the security settings for that content.

The email features of FileMaker Pro also allow web users to anonymously forge emails.


Affected Products:

  • FileMaker FileMaker Pro 5.0.0
