CVE-2010-3892

5 documents, 4 sources
Severity
6.8 MEDIUM
EPSS
0.6%
top 30.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 12
Latest update: May 14

Description

Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages: 1 package

NVD: ibm/omnifind, 5 versions +4

🔴Vulnerability Details

2
GHSA
GHSA-qrpc-576w-m89j: Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8 (2022-05-14)
CVEList
CVE-2010-3892: Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8 (2010-11-12)

💬Community

1
Bugzilla
CVE-2009-3892 Request Tracker XSS flaw [F10] (2009-11-17)