CVE-2010-3896

CWE-287Improper Authentication3 documents3 sources
Severity
7.5HIGH
EPSS
0.8%
top 26.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Omnifind
Timeline
PublishedNov 12
Latest updateMay 14

Description

The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDibm/omnifind5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-72qp-74c2-m684: The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 82022-05-14
CVEList
CVE-2010-3896: The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 82010-11-12
CVE-2010-3896 (HIGH CVSS 7.5) | The ESSearchApplication directory t | cvebase.io