Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3891

CWE-352Cross-Site Request Forgery (CSRF)4 documents4 sources
Severity
6.8MEDIUM
EPSS
3.3%
top 12.81%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Omnifind
Timeline
PublishedNov 12
Latest updateMay 14

Description

Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDibm/omnifind9.0+3

🔴Vulnerability Details

2
GHSA
GHSA-gr45-cvr4-72f3: Cross-site request forgery (CSRF) vulnerability in ESAdmin/security2022-05-14
CVEList
CVE-2010-3891: Cross-site request forgery (CSRF) vulnerability in ESAdmin/security2010-11-12

💥Exploits & PoCs

1
Exploit-DB
IBM OmniFind - Cross-Site Request Forgery2010-11-09
CVE-2010-3891 (MEDIUM CVSS 6.8) | Cross-site request forgery (CSRF) v | cvebase.io