Intrusion PreventionIBM.OmniFind.Security.Do.CSRF
Description
This indicates an attempt to exploit a Cross Site Request Forgery (CSRF) vulnerability in the administrator interface of IBM OmniFind Enterprise Edition.
The vulnerability is due to input validation errors in the "security.do" script. It can be exploited by attackers to cause malicious script code to be executed by a user's browser.
Affected Products
IBM OmniFind Enterprise Edition before 9.1
Impact
System Compromise: Remote script execution.
Recommended Actions
Contact your vendor for upgrade or patch information.
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2021-01-11 | 16.995 |
Removed
|
| ID | 26018 |
| Created | Jun 08, 2011 |
| Updated | Nov 03, 2021 |
| CVE ID | |
| Risk |
|
| Exploit Prediction Score | 3.29% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | IBM |
| Profile Type | CSRF |