Lucene search

K
cve[email protected]CVE-2010-3894
HistoryNov 12, 2010 - 10:00 p.m.

CVE-2010-3894

2010-11-1222:00:02
CWE-119
web.nvd.nist.gov
25
cve-2010-3894
buffer overflow
java
ibm omnifind enterprise
security vulnerability
nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.496 Medium

EPSS

Percentile

97.5%

Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attackers to execute arbitrary code via a long password.

Affected configurations

NVD
Node
ibmomnifindRange8.5-enterprise
OR
ibmomnifindMatch6.1-enterprise
OR
ibmomnifindMatch8.0-enterprise
OR
ibmomnifindMatch8.4-enterprise

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.496 Medium

EPSS

Percentile

97.5%