CVE-2010-3892 | Vulnerability Database | Aqua Security

Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value.

Affected Software

Name	Vendor	Start Version	End Version
Omnifind	Ibm	8.0 (including)	8.0 (including)
Omnifind	Ibm	8.4 (including)	8.4 (including)
Omnifind	Ibm	8.5 (including)	8.5 (including)
Omnifind	Ibm	9.0 (including)	9.0 (including)
Omnifind	Ibm	9.1 (including)	9.1 (including)

References

http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
http://www.securityfocus.com/archive/1/514688/100/0/threaded
http://www.securityfocus.com/bid/44740
http://www.vupen.com/english/advisories/2010/2933
http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
http://www.securityfocus.com/archive/1/514688/100/0/threaded
http://www.securityfocus.com/bid/44740
http://www.vupen.com/english/advisories/2010/2933

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-3892
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html