Vulnerability Description
Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Omnifind | <= 9.0 |
References
- http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txtExploit
- http://www.exploit-db.com/exploits/15475Exploit
- http://www.securityfocus.com/archive/1/514688/100/0/threaded
- http://www.securityfocus.com/bid/44740Exploit
- http://www.vupen.com/english/advisories/2010/2933Vendor Advisory
- http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txtExploit
- http://www.exploit-db.com/exploits/15475Exploit
- http://www.securityfocus.com/archive/1/514688/100/0/threaded
- http://www.securityfocus.com/bid/44740Exploit
- http://www.vupen.com/english/advisories/2010/2933Vendor Advisory
FAQ
What is CVE-2010-4236?
CVE-2010-4236 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH...
How severe is CVE-2010-4236?
CVE-2010-4236 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4236?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Omnifind.