CVE-2010-4236

2010-11-12T22:00:00
ID CVE-2010-4236
Type cve
Reporter cve@mitre.org
Modified 2018-10-10T20:07:00

Description

Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895. Per: http://cwe.mitre.org/data/definitions/426.html

'CWE-426: Untrusted Search Path'