Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2010-4236
4 documents4 sources
Severity
6.9MEDIUM
EPSS
0.9%
top 24.25%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedNov 12
Latest updateMay 14
Description
Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895.
CVSS vector
AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0