CVE-2010-3891
IBM OmniFind Enterprise Edition (before 9.1) is affected by CVE-2010-3891: a Cross-Site Request Forgery in ESAdmin/security.do allows an attacker to perform actions in the administrator context, including adding a new admin user via a saveNewUser request, effectively hijacking administrator authe...