CVE-2010-3892 - Unspecified vulnerability in IBM Omnifind
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/95687/ibmomnifind-xssescalate.txt |
id | PACKETSTORM:95687 |
last seen | 2016-12-05 |
published | 2010-11-10 |
reporter | Fatih Kilic |
source | https://packetstormsecurity.com/files/95687/IBM-OmniFind-Cross-Site-Scripting-Privilege-Escalation.html |
title | IBM OmniFind Cross Site Scripting / Privilege Escalation |
References
- http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
- http://www.securityfocus.com/archive/1/514688/100/0/threaded
- http://www.securityfocus.com/bid/44740
- http://www.vupen.com/english/advisories/2010/2933