PT-2010-5147 · Ibm · Ibm Omnifind Enterprise Edition

Publicado

2010-11-12

Atualizado

2018-10-10

CVE-2010-3893

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM OmniFind Enterprise Edition versions 8.x through 9.x

Description The issue concerns a session impersonation problem where the administrator interface fails to restrict the use of a session ID value to a single IP address. This allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft.

Recommendations For IBM OmniFind Enterprise Edition versions 8.x through 9.x, restrict the use of session ID values to a single IP address to prevent session impersonation. As a temporary workaround, consider implementing additional security measures to protect against cookie theft until a more permanent solution is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2010-3893

Produtos afetados

Ibm Omnifind Enterprise Edition

PT-2010-5147 · Ibm · Ibm Omnifind Enterprise Edition

CVE-2010-3893

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6