Omnifind Security Vulnerabilities and Issues — Omnifind CVE List

Lucene search

IbmOmnifind

3 matches found

CVE•added 2010/11/12 10:0 p.m.•36 views

CVE-2010-3898

IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.

5CVSS6.9AI score0.0029EPSS

CVE•added 2010/11/12 10:0 p.m.•34 views

CVE-2010-3897

ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file.

5CVSS5.9AI score0.00286EPSS

CVE•added 2010/11/12 10:0 p.m.•34 views

CVE-2010-3899

IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents.

5CVSS6.3AI score0.10873EPSS