CVE-2010-3891
published 2010-11-12CVE-2010-3891: Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows…
medium6.8CVSS 3.1
AVNACMAuNCPIPAP
EXPLOIT
Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | omnifind | <= 9.0 | — |
| ibm | omnifind | — | — |
| ibm | omnifind | — | — |
| ibm | omnifind | — | — |