Session Impersonation in IBM OmniFind Enterprise Edition
CVE-2010-3893

Currently unrated

Key Information:

Vendor: IBM
Status: Omnifind
Vendor: CVE Published:; 12 November 2010

Summary

The administrative interface of IBM OmniFind Enterprise Edition versions 8.x and 9.x lacks proper session ID (SID) restrictions, allowing attackers to exploit this flaw. By stealing session cookies, an unauthorized user can impersonate an admin and execute arbitrary administrative actions. This vulnerability poses a significant risk, as it can be leveraged for unauthorized data access and control over the affected system.

References

http://www.securityfocus.com/archive/1/514688/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/44740

vdb-entryx_refsource_BID

http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm...

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 12, 2010
Vulnerability Reserved
Oct 12, 2010