VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-3895
omnifind: esRunCommand in IBM OmniFind Enterprise Edition bef...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3895

Original

esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-11-12
Source Information Category:
Advisory, Alert
Last Updated:
2010-11-15




Affected Product Tags
cpe:/a:ibm:omnifind:6.1:-:enterprise
cpe:/a:ibm:omnifind:8.0:-:enterprise
cpe:/a:ibm:omnifind:8.4:-:enterprise
cpe:/a:ibm:omnifind:8.5:-:enterprise
cpe:/a:ibm:omnifind:9.0:-:enterprise
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

X Local [?]
Adjacent Network [?]
Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
Alternatives




References
BID 44740




BUGTRAQ 20101109 IBM OmniFind - several vulnerabilities




EXPLOIT-DB 15475




MISC http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt




VUPEN ADV-2010-2933




Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)




Copyright © 2010 JPCERT/CC All Rights Reserved.