CVE-2010-3892 - Multiple vulnerabilities in RETIRED: IBM OmniFind
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
network
ibm
Summary
Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value. Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation'
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/95687/ibmomnifind-xssescalate.txt |
id | PACKETSTORM:95687 |
last seen | 2016-12-05 |
published | 2010-11-10 |
reporter | Fatih Kilic |
source | https://packetstormsecurity.com/files/95687/IBM-OmniFind-Cross-Site-Scripting-Privilege-Escalation.html |
title | IBM OmniFind Cross Site Scripting / Privilege Escalation |