Vulnerability Details : CVE-2010-3898
IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.
Exploit prediction scoring system (EPSS) score for CVE-2010-3898
Probability of exploitation activity in the next 30 days: 0.23%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 60 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3898
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2010-3898
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3898
- http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
-
http://www.securityfocus.com/bid/44740
RETIRED: IBM OmniFind Multiple Vulnerabilities
-
http://www.securityfocus.com/archive/1/514688/100/0/threaded
SecurityFocus
-
http://www.vupen.com/english/advisories/2010/2933
Webmail | OVH- OVHVendor Advisory
Products affected by CVE-2010-3898
- cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*
- cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:*:*:*:*:*
- cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:*:*:*:*:*
- cpe:2.3:a:ibm:omnifind:9.0:-:enterprise:*:*:*:*:*
- cpe:2.3:a:ibm:omnifind:9.1:-:enterprise:*:*:*:*:*