1. CVE-Search
  2. CVE-2010-4236
ID CVE-2010-4236
Summary Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:omnifind:6.1:-:enterprise:*:*:*:*:*
    cpe:2.3:a:ibm:omnifind:6.1:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*
    cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:*:*:*:*:*
    cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:*:*:*:*:*
    cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:ibm:omnifind:*:-:enterprise:*:*:*:*:*
    cpe:2.3:a:ibm:omnifind:*:-:enterprise:*:*:*:*:*
CVSS
Base: 6.9 (as of 10-10-2018 - 20:07)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 44740
bugtraq 20101109 IBM OmniFind - several vulnerabilities
exploit-db 15475
misc http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
vupen ADV-2010-2933
Last major update 10-10-2018 - 20:07
Published 12-11-2010 - 22:00
Last modified 10-10-2018 - 20:07
Back to Top