CVE-2010-3893
published 2010-11-12CVE-2010-3893: The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
EXPLOIT
The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | omnifind | — | — |
| ibm | omnifind | — | — |
| ibm | omnifind | — | — |
| ibm | omnifind | — | — |
| ibm | omnifind | — | — |