CVE-2010-3898 Information

Description

IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.

Reference

http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt http://www.securityfocus.com/archive/1/514688/100/0/threaded http://www.securityfocus.com/bid/44740 http://www.vupen.com/english/advisories/2010/2933