CVE-2010-3898 | Vulnerability Database | Aqua Security

IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.

Affected Software

Name	Vendor	Start Version	End Version
Omnifind	Ibm	8.0 (including)	8.0 (including)
Omnifind	Ibm	8.4 (including)	8.4 (including)
Omnifind	Ibm	8.5 (including)	8.5 (including)
Omnifind	Ibm	9.0 (including)	9.0 (including)
Omnifind	Ibm	9.1 (including)	9.1 (including)

References

http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
http://www.securityfocus.com/archive/1/514688/100/0/threaded
http://www.securityfocus.com/bid/44740
http://www.vupen.com/english/advisories/2010/2933
http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
http://www.securityfocus.com/archive/1/514688/100/0/threaded
http://www.securityfocus.com/bid/44740
http://www.vupen.com/english/advisories/2010/2933

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-3898
CWE	https://cwe.mitre.org/data/definitions/264.html