IBM OmniFind: several vulnerabilities

Users of IBM OmniFind, please be advised that several vulnerabilities have been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (

OmniFind-SA-11/09/2010: IBM OmniFind – several vulnerabilities
Technical details:

* Cross-Site-Scripting (XSS) (CVE-2010-3890)

The GET parameter »command« used inside the administration interface is
embedded directly into the HTML source without any input validation or
output sanitization. Using this parameter the attacker can inject arbitrary
JavaScript code which will be run in the session context of other users.
As session credentials are stored within cookies, an attacker can steal
the cookie information and impersonate (CVE-2010-3893) the session and
control the web application within the browser context of the victim.

* Cross-Site-Request-Forgery (XSRF) (CVE-2010-3891)

The forms in the administrator interface are not protected against XSRF. An
attacker can perform any action in the context of the victim.

An example attack scenario could be:
The attacker creates a malicious website with a prepared form to add a new
user, which will be submitted on load.
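
A mitigation sketch for both issues above, added here as an example (it is not IBM's code and not part of the advisory): the »command« value is HTML-encoded on output, and every state-changing POST must carry a token bound to the session. The form action, field names other than »command«, the session identifier and the HMAC-derived token are assumptions made for illustration.

```python
import hashlib
import hmac
import html
import secrets

# Constructed server-side secret; a real deployment loads it from protected config.
SERVER_KEY = secrets.token_bytes(32)


def csrf_token(session_id: str) -> str:
    """Derive a token bound to one session; another origin cannot compute it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def render_admin_form(session_id: str, command: str) -> str:
    """Render a hypothetical 'add user' form for the given session."""
    # Output encoding: markup in `command` becomes inert text in the page.
    safe_command = html.escape(command, quote=True)
    return (
        '<form method="post" action="/admin/addUser">\n'  # hypothetical path
        f'  <input type="hidden" name="command" value="{safe_command}">\n'
        f'  <input type="hidden" name="csrf_token" value="{csrf_token(session_id)}">\n'
        '  <input type="text" name="username">\n'
        '</form>'
    )


def accept_post(session_id: str, form: dict) -> bool:
    """Accept a state-changing request only if it carries this session's token."""
    supplied = str(form.get("csrf_token", "")).encode()
    expected = csrf_token(session_id).encode()
    return hmac.compare_digest(supplied, expected)  # constant-time comparison


def demo() -> dict:
    """Run constructed sample requests against the two checks."""
    page = render_admin_form("session-A", '"><script>x</script>')
    return {
        "markup_neutralised": "<script>" not in page,
        # Auto-submitted cross-site form: the browser sends the cookie, not the token.
        "cross_site_post": accept_post("session-A", {"username": "new-admin"}),
        "other_session_token": accept_post(
            "session-A", {"csrf_token": csrf_token("session-B")}),
        "legitimate_post": accept_post(
            "session-A", {"csrf_token": csrf_token("session-A")}),
    }


if __name__ == "__main__":
    print(demo())
```

The auto-submitting form from the scenario above fails `accept_post` because a page on another origin cannot read the token embedded in the administrator's own page.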