CVE-2010-3893 | Vulnerability Database | Aqua Security

The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a session impersonation issue.

Affected Software

Name	Vendor	Start Version	End Version
Omnifind	Ibm	8.0 (including)	8.0 (including)
Omnifind	Ibm	8.4 (including)	8.4 (including)
Omnifind	Ibm	8.5 (including)	8.5 (including)
Omnifind	Ibm	9.0 (including)	9.0 (including)
Omnifind	Ibm	9.1 (including)	9.1 (including)

References

http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
http://www.securityfocus.com/archive/1/514688/100/0/threaded
http://www.securityfocus.com/bid/44740
http://www.vupen.com/english/advisories/2010/2933
http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
http://www.securityfocus.com/archive/1/514688/100/0/threaded
http://www.securityfocus.com/bid/44740
http://www.vupen.com/english/advisories/2010/2933

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-3893
CWE	https://cwe.mitre.org/data/definitions/264.html