VYPR
Unrated severityNVD Advisory· Published Nov 12, 2010· Updated Jun 16, 2026

CVE-2010-3898

CVE-2010-3898

Description

IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.

Affected products

6
  • IBM/Omnifind5 versions
    cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*+ 4 more
    • cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:ibm:omnifind:9.0:-:enterprise:*:*:*:*:*
    • cpe:2.3:a:ibm:omnifind:9.1:-:enterprise:*:*:*:*:*
  • Range: >=8.0 <=9.x

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.