CVE-2010-3898

{"id": "CVE-2010-3898", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-11-12T22:00:02.377", "references": [{"url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/44740", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/2933", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/44740", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/2933", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site."}, {"lang": "es", "value": "IBM OmniFind Enterprise Edition v8.x y v9.x no restringe adecuadamente la ruta de cookie del administrador (tambi\u00e9n conocido como ESAdmin), lo que puede permitir a atacantes remotos superar la autenticaci\u00f3n aprovechando el acceso a otras paginas en el sitio web. \r\n"}], "lastModified": "2024-11-21T01:19:51.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96D7BDA2-53EE-44A5-BA8E-DC1224B8B8E0"}, {"criteria": "cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C73CA22A-FD69-43A1-AFC8-03A82D971AB2"}, {"criteria": "cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6929217A-6689-460E-88AC-919B26A5C328"}, {"criteria": "cpe:2.3:a:ibm:omnifind:9.0:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C955D88D-7E06-43EF-B7F8-5B059519E01B"}, {"criteria": "cpe:2.3:a:ibm:omnifind:9.1:-:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8447721A-AE84-4AD5-A15A-51248887B65E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}