Search criteria
12 vulnerabilities found for filemaker_pro by filemaker
CVE-2014-5322 (GCVE-0-2014-5322)
Vulnerability from nvd – Published: 2014-09-22 01:00 – Updated: 2024-08-06 11:41
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1030880 | vdb-entryx_refsource_SECTRACK |
| http://jvn.jp/en/jp/JVN53579095/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/69987 | vdb-entryx_refsource_BID |
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000113 | third-party-advisoryx_refsource_JVNDB |
Date Public
2014-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:48.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030880",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030880"
},
{
"name": "JVN#53579095",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"name": "69987",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69987"
},
{
"name": "JVNDB-2014-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000113"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-29T18:57:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "1030880",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030880"
},
{
"name": "JVN#53579095",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"name": "69987",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69987"
},
{
"name": "JVNDB-2014-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000113"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-5322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030880",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030880"
},
{
"name": "JVN#53579095",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"name": "69987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69987"
},
{
"name": "JVNDB-2014-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000113"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-5322",
"datePublished": "2014-09-22T01:00:00.000Z",
"dateReserved": "2014-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:41:48.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5321 (GCVE-0-2014-5321)
Vulnerability from nvd – Published: 2014-09-22 01:00 – Updated: 2024-08-06 11:41
VLAI
Summary
FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000114 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN85812843/index.html | third-party-advisoryx_refsource_JVN |
Date Public
2014-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:48.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2014-000114",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000114"
},
{
"name": "JVN#85812843",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-09-22T01:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2014-000114",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000114"
},
{
"name": "JVN#85812843",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-5321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000114",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000114"
},
{
"name": "JVN#85812843",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-5321",
"datePublished": "2014-09-22T01:00:00.000Z",
"dateReserved": "2014-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:41:48.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3640 (GCVE-0-2013-3640)
Vulnerability from nvd – Published: 2013-06-10 17:00 – Updated: 2024-09-16 23:30
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN53579095/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000049 | third-party-advisoryx_refsource_JVNDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#53579095",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"name": "JVNDB-2013-000049",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-10T17:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#53579095",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"name": "JVNDB-2013-000049",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000049"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-3640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#53579095",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"name": "JVNDB-2013-000049",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000049"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-3640",
"datePublished": "2013-06-10T17:00:00.000Z",
"dateReserved": "2013-05-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:30:42.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2319 (GCVE-0-2013-2319)
Vulnerability from nvd – Published: 2013-06-10 17:00 – Updated: 2024-09-17 03:37
VLAI
Summary
FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000048 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN85812843/index.html | third-party-advisoryx_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:45.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2013-000048",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000048"
},
{
"name": "JVN#85812843",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-10T17:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2013-000048",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000048"
},
{
"name": "JVN#85812843",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-2319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2013-000048",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000048"
},
{
"name": "JVN#85812843",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-2319",
"datePublished": "2013-06-10T17:00:00.000Z",
"dateReserved": "2013-03-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:37:35.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2014-5322
Vulnerability from fkie_nvd - Published: 2014-09-22 01:55 - Updated: 2026-05-06 22:30
Severity
Summary
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| filemaker | filemaker_pro | * | |
| filemaker | filemaker_pro_advanced | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCE7435-075A-431D-9ADB-7D34AF5CD7D9",
"versionEndIncluding": "12.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:*:*:*:*:*:*:*:*",
"matchCriteriaId": "220982EA-BFEF-4D14-8B4F-E0B36822B2F2",
"versionEndIncluding": "12.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la funci\u00f3n Instant Web Publish en FileMaker Pro anterior a 13 y Pro Advanced anterior a 13 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados. Nota: Esta vulnerabilidad existe debido a una soluci\u00f3n incorrecta para CVE-2013-3640."
}
],
"id": "CVE-2014-5322",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-09-22T01:55:06.463",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000113"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.securityfocus.com/bid/69987"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.securitytracker.com/id/1030880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030880"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-5321
Vulnerability from fkie_nvd - Published: 2014-09-22 01:55 - Updated: 2026-05-06 22:30
Severity
Summary
FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| filemaker | filemaker_pro | * | |
| filemaker | filemaker_pro_advanced | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCE7435-075A-431D-9ADB-7D34AF5CD7D9",
"versionEndIncluding": "12.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:*:*:*:*:*:*:*:*",
"matchCriteriaId": "220982EA-BFEF-4D14-8B4F-E0B36822B2F2",
"versionEndIncluding": "12.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319."
},
{
"lang": "es",
"value": "FileMaker Pro anterior a 13 y Pro Advanced anterior a 13 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado manipulado. NOTA: esta vulnerabilidad se debe a una soluci\u00f3n incorrecta para CVE-2013-2319."
}
],
"id": "CVE-2014-5321",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-09-22T01:55:05.357",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000114"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-3640
Vulnerability from fkie_nvd - Published: 2013-06-10 17:55 - Updated: 2026-04-29 01:13
Severity
Summary
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91AC63CB-912D-4467-84FA-F714414EC41D",
"versionEndIncluding": "11.0.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08C630C3-2A21-41C7-A9B8-551486884008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:8.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C492D6-1753-4496-AD46-205841303FC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:8.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C53E635A-B584-4016-981F-4BF683C1DA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EDA105-E45D-46E6-ACD1-57B2E0A5623C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE05182-020F-4828-A5C3-DB92CC61EAD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39E54415-A86C-4B83-90E2-1B6DF1B7B864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01EF4EA6-DAAD-44AD-AA8A-51A144AB4B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E27D0FF-5BBD-4DBB-9A6B-DA8F7816E82F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:9.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E01567D9-12B5-4206-A9C3-0295F859DB46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:9.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94FB04BC-2E73-4251-9C0A-B22EFE02696D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A872A5F-FE0F-4434-B288-6310FC43DC53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C43EE86-4216-463F-9C92-4C8DF55D963D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:10.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CA5927-46BF-41C3-A055-A2DAAD08D4B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C101770-C088-4245-BBF1-FF8017530A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:11.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "778A5E6D-325C-429D-995A-A2332F297DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:11.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB291F8F-1B20-45B9-B497-2A8BAB503C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:11.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6438200C-F6E5-49C1-BB47-CBDEDED7C987",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6225AC8-0583-4DB8-939F-9DDC1CADDFCE",
"versionEndIncluding": "11.0.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5403EB1-B11A-4615-B156-9F4AAD2794D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:8.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B65A8BC-6910-47E2-BF0D-A56E404354D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:8.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "409837BA-096F-43D6-9F22-98F374FBEFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBEEA6C-B2F6-4392-A308-789006DBCB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78651EB1-69B0-4812-99A2-0A7D569EB371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F339DF60-3316-44FB-834B-1C5924A96704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10A807EE-E137-47C5-B550-50A7DF2095DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F106C5-CBD6-47D5-82A8-D9B0341A9F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:9.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "835C0189-F2E1-43D5-BFFB-928E8F880487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:9.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF45D0B-6793-4A05-9B36-9AABFC646085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDE58D0-D83A-43B0-8921-A7FEB5D9ACCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2502F90F-C8DB-44CE-963D-CAD9CEA54C2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:10.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA284490-ED86-429A-A55A-9808A33130A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C772A131-6BE9-4D8E-B531-1A31E072F055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:11.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4ADDB39-ACBF-46A8-9EBC-36BACD85A7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:11.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6BE5B13-5EE7-451A-BB61-4091A46D94CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:11.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2445B8-7761-4032-96C3-4A2A08AA1168",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en la funci\u00f3n Instant Web Publish en FileMaker Pro anterior a v12 y Pro Advanced anterior a v12 permite a atacantes remotos a inyectar secuencias de comandos Web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-3640",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-06-10T17:55:01.583",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000049"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2319
Vulnerability from fkie_nvd - Published: 2013-06-10 17:55 - Updated: 2026-04-29 01:13
Severity
Summary
FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91AC63CB-912D-4467-84FA-F714414EC41D",
"versionEndIncluding": "11.0.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08C630C3-2A21-41C7-A9B8-551486884008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:8.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C492D6-1753-4496-AD46-205841303FC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:8.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C53E635A-B584-4016-981F-4BF683C1DA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EDA105-E45D-46E6-ACD1-57B2E0A5623C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE05182-020F-4828-A5C3-DB92CC61EAD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39E54415-A86C-4B83-90E2-1B6DF1B7B864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01EF4EA6-DAAD-44AD-AA8A-51A144AB4B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E27D0FF-5BBD-4DBB-9A6B-DA8F7816E82F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:9.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E01567D9-12B5-4206-A9C3-0295F859DB46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:9.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94FB04BC-2E73-4251-9C0A-B22EFE02696D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A872A5F-FE0F-4434-B288-6310FC43DC53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C43EE86-4216-463F-9C92-4C8DF55D963D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:10.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CA5927-46BF-41C3-A055-A2DAAD08D4B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C101770-C088-4245-BBF1-FF8017530A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:11.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "778A5E6D-325C-429D-995A-A2332F297DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:11.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB291F8F-1B20-45B9-B497-2A8BAB503C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro:11.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6438200C-F6E5-49C1-BB47-CBDEDED7C987",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6225AC8-0583-4DB8-939F-9DDC1CADDFCE",
"versionEndIncluding": "11.0.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5403EB1-B11A-4615-B156-9F4AAD2794D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:8.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B65A8BC-6910-47E2-BF0D-A56E404354D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:8.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "409837BA-096F-43D6-9F22-98F374FBEFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBEEA6C-B2F6-4392-A308-789006DBCB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78651EB1-69B0-4812-99A2-0A7D569EB371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F339DF60-3316-44FB-834B-1C5924A96704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10A807EE-E137-47C5-B550-50A7DF2095DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F106C5-CBD6-47D5-82A8-D9B0341A9F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:9.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "835C0189-F2E1-43D5-BFFB-928E8F880487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:9.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF45D0B-6793-4A05-9B36-9AABFC646085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDE58D0-D83A-43B0-8921-A7FEB5D9ACCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2502F90F-C8DB-44CE-963D-CAD9CEA54C2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:10.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA284490-ED86-429A-A55A-9808A33130A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:11.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C772A131-6BE9-4D8E-B531-1A31E072F055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:11.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4ADDB39-ACBF-46A8-9EBC-36BACD85A7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:11.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6BE5B13-5EE7-451A-BB61-4091A46D94CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:filemaker:filemaker_pro_advanced:11.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2445B8-7761-4032-96C3-4A2A08AA1168",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
},
{
"lang": "es",
"value": "FileMaker Pro anterior a v12 y Pro Advanced anterior a v12 no verifica los certificados X.509 de los servidores SSL, los que permitir\u00eda ataques hombre en medio (man-in-the-middle) para espiar servidores y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado manipulado."
}
],
"id": "CVE-2013-2319",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-10T17:55:01.563",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000048"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-5321 (GCVE-0-2014-5321)
Vulnerability from cvelistv5 – Published: 2014-09-22 01:00 – Updated: 2024-08-06 11:41
VLAI
Summary
FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000114 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN85812843/index.html | third-party-advisoryx_refsource_JVN |
Date Public
2014-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:48.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2014-000114",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000114"
},
{
"name": "JVN#85812843",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-09-22T01:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2014-000114",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000114"
},
{
"name": "JVN#85812843",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-5321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000114",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000114"
},
{
"name": "JVN#85812843",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-5321",
"datePublished": "2014-09-22T01:00:00.000Z",
"dateReserved": "2014-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:41:48.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5322 (GCVE-0-2014-5322)
Vulnerability from cvelistv5 – Published: 2014-09-22 01:00 – Updated: 2024-08-06 11:41
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1030880 | vdb-entryx_refsource_SECTRACK |
| http://jvn.jp/en/jp/JVN53579095/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/69987 | vdb-entryx_refsource_BID |
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000113 | third-party-advisoryx_refsource_JVNDB |
Date Public
2014-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:48.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030880",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030880"
},
{
"name": "JVN#53579095",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"name": "69987",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69987"
},
{
"name": "JVNDB-2014-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000113"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-29T18:57:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "1030880",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030880"
},
{
"name": "JVN#53579095",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"name": "69987",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69987"
},
{
"name": "JVNDB-2014-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000113"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-5322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030880",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030880"
},
{
"name": "JVN#53579095",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"name": "69987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69987"
},
{
"name": "JVNDB-2014-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000113"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-5322",
"datePublished": "2014-09-22T01:00:00.000Z",
"dateReserved": "2014-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:41:48.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2319 (GCVE-0-2013-2319)
Vulnerability from cvelistv5 – Published: 2013-06-10 17:00 – Updated: 2024-09-17 03:37
VLAI
Summary
FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000048 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN85812843/index.html | third-party-advisoryx_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:45.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2013-000048",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000048"
},
{
"name": "JVN#85812843",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-10T17:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2013-000048",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000048"
},
{
"name": "JVN#85812843",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-2319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2013-000048",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000048"
},
{
"name": "JVN#85812843",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85812843/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-2319",
"datePublished": "2013-06-10T17:00:00.000Z",
"dateReserved": "2013-03-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:37:35.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3640 (GCVE-0-2013-3640)
Vulnerability from cvelistv5 – Published: 2013-06-10 17:00 – Updated: 2024-09-16 23:30
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN53579095/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000049 | third-party-advisoryx_refsource_JVNDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#53579095",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"name": "JVNDB-2013-000049",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-10T17:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#53579095",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"name": "JVNDB-2013-000049",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000049"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-3640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#53579095",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"name": "JVNDB-2013-000049",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000049"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-3640",
"datePublished": "2013-06-10T17:00:00.000Z",
"dateReserved": "2013-05-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:30:42.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}