CVE-2010-3896

Currently unrated

Key Information:

Vendor: IBM
Status: Omnifind
Vendor: CVE Published:; 12 November 2010

Summary

The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do.

References

http://www.securityfocus.com/archive/1/514688/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/44740

vdb-entryx_refsource_BID

http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm...

x_refsource_MISC

Timeline

Vulnerability published
Nov 12, 2010
Vulnerability Reserved
Oct 12, 2010