Vulnerabilities > CVE-2010-4236 - Multiple vulnerability in RETIRED: IBM OmniFind
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Exploit-Db
description | IBM OmniFind - Privilege Escalation Vulnerability. CVE-2010-3895,CVE-2010-4236. Local exploits for multiple platform |
file | exploits/multiple/local/15475.txt |
id | EDB-ID:15475 |
last seen | 2016-02-01 |
modified | 2010-11-09 |
platform | multiple |
port | |
published | 2010-11-09 |
reporter | Fatih Kilic |
source | https://www.exploit-db.com/download/15475/ |
title | IBM OmniFind - Privilege Escalation Vulnerability |
type | local |