{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-11-09T00:00:00", "descriptions": [{"lang": "en", "value": "IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20101109 IBM OmniFind - several vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded"}, {"name": "44740", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/44740"}, {"tags": ["x_refsource_MISC"], "url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt"}, {"name": "ADV-2010-2933", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2933"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3898", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20101109 IBM OmniFind - several vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded"}, {"name": "44740", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44740"}, {"name": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt", "refsource": "MISC", "url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt"}, {"name": "ADV-2010-2933", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2933"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3898", "datePublished": "2010-11-12T21:00:00", "dateReserved": "2010-10-12T00:00:00", "dateUpdated": "2018-10-10T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*", "matchCriteriaId": "96D7BDA2-53EE-44A5-BA8E-DC1224B8B8E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:*:*:*:*:*", "matchCriteriaId": "C73CA22A-FD69-43A1-AFC8-03A82D971AB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:*:*:*:*:*", "matchCriteriaId": "6929217A-6689-460E-88AC-919B26A5C328", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:omnifind:9.0:-:enterprise:*:*:*:*:*", "matchCriteriaId": "C955D88D-7E06-43EF-B7F8-5B059519E01B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:omnifind:9.1:-:enterprise:*:*:*:*:*", "matchCriteriaId": "8447721A-AE84-4AD5-A15A-51248887B65E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site."}, {"lang": "es", "value": "IBM OmniFind Enterprise Edition v8.x y v9.x no restringe adecuadamente la ruta de cookie del administrador (tambi\u00e9n conocido como ESAdmin), lo que puede permitir a atacantes remotos superar la autenticaci\u00f3n aprovechando el acceso a otras paginas en el sitio web. \r\n"}], "id": "CVE-2010-3898", "lastModified": "2018-10-10T20:06:01.187", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-11-12T22:00:02.377", "references": [{"source": "cve@mitre.org", "url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/44740"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2933"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}