Lucene search

[email protected]CVE-2010-3894

HistoryNov 12, 2010 - 10:00 p.m.

CVE-2010-3894

2010-11-1222:00:02

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-3894

buffer overflow

java

ibm omnifind enterprise

security vulnerability

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.496 Medium

EPSS

Percentile

97.5%

JSON

Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attackers to execute arbitrary code via a long password.

Affected configurations

NVD

Node

ibmomnifindRange≤8.5-enterprise

ibmomnifindMatch6.1-enterprise

ibmomnifindMatch8.0-enterprise

ibmomnifindMatch8.4-enterprise

CPENameOperatorVersion
ibm:omnifindibm omnifindle8.5
ibm:omnifindibm omnifindeq6.1
ibm:omnifindibm omnifindeq8.0
ibm:omnifindibm omnifindeq8.4

CPE	Name	Operator	Version
ibm:omnifind	ibm omnifind	le	8.5
ibm:omnifind	ibm omnifind	eq	6.1
ibm:omnifind	ibm omnifind	eq	8.0
ibm:omnifind	ibm omnifind	eq	8.4

References

security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt

www.exploit-db.com/exploits/15474

www.osvdb.org/69079

www.securityfocus.com/archive/1/514688/100/0/threaded

www.securityfocus.com/bid/44740

www.vupen.com/english/advisories/2010/2933

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.496 Medium

EPSS

Percentile

97.5%

JSON

Related for CVE-2010-3894

exploitpack1 cvelist1 nvd1 prion1 exploitdb1 packetstorm1 securityvulns2