PT-2010-5150 · IBM · IBM OmniFind Enterprise Edition

Published 2010-11-12 · Updated 2018-10-10 · CVE-2010-3896

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

IBM OmniFind Enterprise Edition versions 8.x through 9.x

Description

The issue concerns the ESSearchApplication directory tree, which does not require authentication. This allows remote attackers to modify the server configuration by sending a request to the "palette.do" endpoint.

Recommendations

For IBM OmniFind Enterprise Edition versions 8.x through 9.x, consider restricting access to the ESSearchApplication directory tree until a fix is available. As a temporary workaround, limit modifications to the server configuration to authorized personnel only.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2010-3896

Affected Products

IBM OmniFind Enterprise Edition