CVE-2010-3898
N/A
N/A
Summary
IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/archive/1/514688/100/0/threaded
- http://www.securityfocus.com/bid/44740
- http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
- http://www.vupen.com/english/advisories/2010/2933
References
- http://www.securityfocus.com/archive/1/514688/100/0/threaded
- http://www.securityfocus.com/bid/44740
- http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
- http://www.vupen.com/english/advisories/2010/2933
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.