Ibm

Omnifind

11 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2010-3892

  • EPSS 0.61%
  • Published 12.11.2010 22:00:02
  • Last modified 11.04.2025 00:51:21

Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID (aka SID) value.

7.5

CVE-2010-3893

Exploit
  • EPSS 5.14%
  • Published 12.11.2010 22:00:02
  • Last modified 11.04.2025 00:51:21

The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie th...

9.3

CVE-2010-3894

Exploit
  • EPSS 13.04%
  • Published 12.11.2010 22:00:02
  • Last modified 11.04.2025 00:51:21

Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attack...

7.2

CVE-2010-3895

Exploit
  • EPSS 0.4%
  • Published 12.11.2010 22:00:02
  • Last modified 11.04.2025 00:51:21

esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument.

7.5

CVE-2010-3896

Exploit
  • EPSS 0.77%
  • Published 12.11.2010 22:00:02
  • Last modified 11.04.2025 00:51:21

The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do.

5

CVE-2010-3897

  • EPSS 0.29%
  • Published 12.11.2010 22:00:02
  • Last modified 11.04.2025 00:51:21

ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file.

5

CVE-2010-3898

  • EPSS 0.29%
  • Published 12.11.2010 22:00:02
  • Last modified 11.04.2025 00:51:21

IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.

5

CVE-2010-3899

Exploit
  • EPSS 10.87%
  • Published 12.11.2010 22:00:02
  • Last modified 11.04.2025 00:51:21

IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents.

6.9

CVE-2010-4236

Exploit
  • EPSS 0.37%
  • Published 12.11.2010 22:00:02
  • Last modified 11.04.2025 00:51:21

Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execut...

6.8

CVE-2010-3891

Exploit
  • EPSS 2.52%
  • Published 12.11.2010 21:00:04
  • Last modified 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an admini...