CVE-2010-3898
Published Nov 12, 2010
Last updated 6 years ago
Overview
- Description
- IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96D7BDA2-53EE-44A5-BA8E-DC1224B8B8E0"
},
{
"criteria": "cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C73CA22A-FD69-43A1-AFC8-03A82D971AB2"
},
{
"criteria": "cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6929217A-6689-460E-88AC-919B26A5C328"
},
{
"criteria": "cpe:2.3:a:ibm:omnifind:9.0:-:enterprise:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C955D88D-7E06-43EF-B7F8-5B059519E01B"
},
{
"criteria": "cpe:2.3:a:ibm:omnifind:9.1:-:enterprise:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8447721A-AE84-4AD5-A15A-51248887B65E"
}
],
"operator": "OR"
}
]
}
]