PT-2010-5147 · Ibm · Ibm Omnifind Enterprise Edition

Published

2010-11-12

Updated

2018-10-10

CVE-2010-3893

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM OmniFind Enterprise Edition versions 8.x through 9.x

Description The issue concerns a session impersonation problem where the administrator interface fails to restrict the use of a session ID value to a single IP address. This allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft.

Recommendations For IBM OmniFind Enterprise Edition versions 8.x through 9.x, restrict the use of session ID values to a single IP address to prevent session impersonation. As a temporary workaround, consider implementing additional security measures to protect against cookie theft until a more permanent solution is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2010-3893

Affected Products

Ibm Omnifind Enterprise Edition

PT-2010-5147 · Ibm · Ibm Omnifind Enterprise Edition

CVE-2010-3893

Weakness Enumeration

Related Identifiers

Affected Products

References · 6