CVE-2010-4236

2010-11-1222:00:02

[email protected]

web.nvd.nist.gov

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

Percentile

9.8%

JSON

Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895.

Affected configurations

Nvd

Node

ibmomnifindRange≤9.0-enterprise

ibmomnifindMatch6.1-enterprise

ibmomnifindMatch8.0-enterprise

ibmomnifindMatch8.4-enterprise

ibmomnifindMatch8.5-enterprise

VendorProductVersionCPE
ibmomnifind*cpe:2.3:a:ibm:omnifind:*:-:enterprise:*:*:*:*:*
ibmomnifind6.1cpe:2.3:a:ibm:omnifind:6.1:-:enterprise:*:*:*:*:*
ibmomnifind8.0cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*
ibmomnifind8.4cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:*:*:*:*:*
ibmomnifind8.5cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	omnifind	*	cpe:2.3:a:ibm:omnifind::-:enterprise:::::
ibm	omnifind	6.1	cpe:2.3:a:ibm:omnifind:6.1:-:enterprise:::::*
ibm	omnifind	8.0	cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:::::*
ibm	omnifind	8.4	cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:::::*
ibm	omnifind	8.5	cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:::::*