Vulnerabilities > CVE-2010-3892 - Multiple vulnerability in RETIRED: IBM OmniFind

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

ibm

NVD

Published: 2010-11-12

Updated: 2018-10-10

Summary

Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value. Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation'

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Omnifind 8.0 IBM Omnifind 8.4 IBM Omnifind 8.5 IBM Omnifind 9.0 IBM Omnifind 9.1	5

Packetstorm

data source	https://packetstormsecurity.com/files/download/95687/ibmomnifind-xssescalate.txt
id	PACKETSTORM:95687
last seen	2016-12-05
published	2010-11-10
reporter	Fatih Kilic
source	https://packetstormsecurity.com/files/95687/IBM-OmniFind-Cross-Site-Scripting-Privilege-Escalation.html
title	IBM OmniFind Cross Site Scripting / Privilege Escalation

Summary

Vulnerable Configurations

Packetstorm

References