Privilege Escalation in IBM OmniFind Enterprise Edition
CVE-2010-3895

Currently unrated

Key Information:

Vendor: IBM
Status: Omnifind
Vendor: CVE Published:; 12 November 2010

Summary

In IBM OmniFind Enterprise Edition prior to version 9.1, a security vulnerability exists in the esRunCommand function that enables local users to escalate their privileges. By manipulating the first argument passed to this function to specify an arbitrary command, an attacker can execute commands with elevated permissions. This vulnerability exposes systems to potential unauthorized access and control, making it crucial for users to apply the latest updates to protect their environments.

References

http://www.securityfocus.com/archive/1/514688/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.exploit-db.com/exploits/15475

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/44740

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Nov 12, 2010
Vulnerability Reserved
Oct 12, 2010