CVE-2010-3898 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2010-3898

CWE

https://cwe.mitre.org/data/definitions/264.html

IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.

Affected Software

Name	Vendor	Start Version	End Version
Omnifind	Ibm	8.0 (including)	8.0 (including)
Omnifind	Ibm	8.4 (including)	8.4 (including)
Omnifind	Ibm	8.5 (including)	8.5 (including)
Omnifind	Ibm	9.0 (including)	9.0 (including)
Omnifind	Ibm	9.1 (including)	9.1 (including)

References

http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
http://www.securityfocus.com/archive/1/514688/100/0/threaded
http://www.securityfocus.com/bid/44740
http://www.vupen.com/english/advisories/2010/2933