Vulnerabilities > CVE-2010-4236 - Multiple vulnerability in RETIRED: IBM OmniFind

CVSS 6.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

ibm

exploit available

NVD

Published: 2010-11-12

Updated: 2018-10-10

Summary

Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Omnifind 6.1 IBM Omnifind 8.0 IBM Omnifind 8.4 IBM Omnifind 8.5 IBM Omnifind *	5

Exploit-Db

description	IBM OmniFind - Privilege Escalation Vulnerability. CVE-2010-3895,CVE-2010-4236. Local exploits for multiple platform
file	exploits/multiple/local/15475.txt
id	EDB-ID:15475
last seen	2016-02-01
modified	2010-11-09
platform	multiple
port
published	2010-11-09
reporter	Fatih Kilic
source	https://www.exploit-db.com/download/15475/
title	IBM OmniFind - Privilege Escalation Vulnerability
type	local

Summary

Vulnerable Configurations

Exploit-Db

References