Every CVE whose affected-product data names Ibm Omnifind, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2010-3894 — CVSS 9.3 (critical): Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the…
CVE-2010-3896 — CVSS 7.5 (high): The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote…
CVE-2010-3893 — CVSS 7.5 (high): The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a…
CVE-2010-3895 — CVSS 7.2 (high): esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as…
CVE-2010-4236 — CVSS 6.9 (medium): Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges…
CVE-2010-3892 — CVSS 6.8 (medium): Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows…
CVE-2010-3891 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition…
CVE-2010-3897 — CVSS 5.0 (medium): ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code…
CVE-2010-3898 — CVSS 5.0 (medium): IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might…
CVE-2010-3899 — CVSS 5.0 (medium): IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause…
CVE-2010-3890 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web…