Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3895

CWE-264 | 4 documents | 4 sources
Severity: 7.2 HIGH
EPSS: 1.1% (top 21.83%)
CISA KEV: Not in KEV
Exploit: PoC available
Affected products
Timeline
Published: Nov 12
Latest update: May 14

Description

esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument.

CVSS vector

AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0

Affected Packages (1 package)

NVD: ibm/omnifind 9.0 +3

🔴 Vulnerability Details (2)

GHSA | GHSA-rhc9-w9j2-xc59: esRunCommand in IBM OmniFind Enterprise Edition before 9 | 2022-05-14
CVEList | CVE-2010-3895: esRunCommand in IBM OmniFind Enterprise Edition before 9 | 2010-11-12

💥 Exploits & PoCs (1)

Exploit-DB | IBM OmniFind - Local Privilege Escalation | 2010-11-09