| Vulnerability Name: | CVE-2010-3898 (CCN-63145) | ||||||||
| Assigned: | 2010-11-09 | ||||||||
| Published: | 2010-11-09 | ||||||||
| Updated: | 2018-10-10 | ||||||||
| Summary: | IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Nov 09 2010 - 03:15:19 CST IBM OmniFind - several vulnerabilities Source: MITRE Type: CNA CVE-2010-3898 Source: CCN Type: SA42119 IBM OmniFind Enterprise Edition Multiple Vulnerabilities Source: CCN Type: Fatih Kilic IBM OmniFind several issues Source: MISC Type: UNKNOWN http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt Source: CCN Type: IBM Web site OmniFind Enterprise Edition Source: CCN Type: IBM Security Bulletin 1457083 Solutions for security vulnerabilities in OmniFind Enterprise Edition Source: CCN Type: OSVDB ID: 69249 IBM OmniFind ESAdmin Cookie Path Restriction Weakness Remote Authentication Bypass Source: BUGTRAQ Type: UNKNOWN 20101109 IBM OmniFind - several vulnerabilities Source: BID Type: UNKNOWN 44740 Source: CCN Type: BID-44740 RETIRED: IBM OmniFind Multiple Vulnerabilities Source: VUPEN Type: Vendor Advisory ADV-2010-2933 Source: XF Type: UNKNOWN omnifind-cookie-weak-security(63145) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||