CVE Daily

CVE-2010-4236

Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise ...

Medium CVSS 6.9

Overview

Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895.

CWE: N/A Published: 2010-11-12T22:00:02.453
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.9 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags