Information disclosure in SearchBlox

CVE-2013-3597

servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action.

Vulnerability class: Information Disclosure

EPSS: 0.085 (94.3rd percentile)

Affected products

  • SearchBlox — versions 6.2, 6.3, 6.4

Frequently asked questions

What is CVE-2013-3597?

CVE-2013-3597 is a vulnerability in SearchBlox, classified under Information Disclosure. Published 2013-08-28.

Is CVE-2013-3597 known to be exploited?

1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.