Unrated severityNVD Advisory· Published Nov 12, 2010· Updated Jun 16, 2026
CVE-2010-3898
CVE-2010-3898
Description
IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.
Affected products
6cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*+ 4 more
- cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*
- cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:*:*:*:*:*
- cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:*:*:*:*:*
- cpe:2.3:a:ibm:omnifind:9.0:-:enterprise:*:*:*:*:*
- cpe:2.3:a:ibm:omnifind:9.1:-:enterprise:*:*:*:*:*
- Range: >=8.0 <=9.x
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.