CVE-2010-3898:omnifind: IBM OmniFind Enterprise Edition 8.x and 9.x does no...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-3898

omnifind: IBM OmniFind Enterprise Edition 8.x and 9.x does no...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3898

Original

IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-11-12

Source Information Category:

Advisory, Alert

Last Updated:

2010-11-15

Affected Product Tags

cpe:/a:ibm:omnifind:8.0:-:enterprise

cpe:/a:ibm:omnifind:9.0:-:enterprise

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 44740

BUGTRAQ 20101109 IBM OmniFind - several vulnerabilities

MISC http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt

VUPEN ADV-2010-2933

Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)