CVE-2010-3898

Name of the Vulnerable Software and Affected Versions IBM OmniFind Enterprise Edition versions 8.x through 9.x

Description The issue is related to the improper restriction of the cookie path of administrator cookies, which could allow remote attackers to bypass authentication by accessing other pages on the website.

Recommendations For IBM OmniFind Enterprise Edition versions 8.x through 9.x, consider restricting access to administrator pages to minimize the risk of exploitation. As a temporary workaround, review and adjust the cookie path settings to properly restrict access to sensitive areas of the web site. At the moment, there is no information about a newer version that contains a fix for this vulnerability.