Session Fixation Vulnerability in IBM OmniFind Enterprise Edition
CVE-2010-3892
Currently unrated
What is CVE-2010-3892?
A session fixation vulnerability exists in the login form of the administrator interface in IBM OmniFind Enterprise Edition versions 8.x and 9.x. Remote attackers can exploit a replayable session ID (SID) value to hijack sessions. A successful attack lets the attacker impersonate a valid user, potentially jeopardizing sensitive information and system integrity.