CVE-2010-3898
First published: Fri Nov 12 2010(Updated: )
IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM OmniFind | =9.0 | |
| IBM OmniFind | =8.0 | |
| IBM OmniFind | =8.5 | |
| IBM OmniFind | =8.4 | |
| IBM OmniFind | =9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-3898?
CVE-2010-3898 is classified as a high-severity vulnerability due to its potential to enable remote authentication bypass.
How do I fix CVE-2010-3898?
To fix CVE-2010-3898, update IBM OmniFind Enterprise Edition to the latest version that corrects the cookie path handling.
What versions of IBM OmniFind are affected by CVE-2010-3898?
CVE-2010-3898 affects IBM OmniFind Enterprise Edition versions 8.0, 8.4, 8.5, and 9.0, along with version 9.1.
Can CVE-2010-3898 be exploited remotely?
Yes, CVE-2010-3898 can be exploited by remote attackers, allowing them to bypass authentication.
Is there a workaround for CVE-2010-3898?
A temporary workaround for CVE-2010-3898 is to implement stricter access controls on the application to limit unauthorized access.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm omnifind
- version/ibm omnifind/9.0
- version/ibm omnifind/8.0
- version/ibm omnifind/8.5
- version/ibm omnifind/8.4
- version/ibm omnifind/9.1