Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM OmniFind管理员界面授权问题漏洞
Vulnerability Description
IBM OmniFind Enterprise Edition提供可靠的企业内部网,公共Web站点和信息提取应用。 IBM OmniFind Enterprise Edition 8.x和9.x版本中的管理员界面无法限制用于单个IP地址的会话ID(又名SID)值。远程攻击者可以利用cookie盗取执行任意管理操作。该漏洞与"会话实现"问题有关。
CVSS Information
N/A
Vulnerability Type
N/A