CVE-2010-3895

Published: Nov 12, 2010Modified: Apr 29, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument.

Affected (4)

Products: Ibm: Omnifind

Ibm

1 product

Omnifind

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Omnifind	Up to 9.0
Ibm Omnifind	Version 8.0
Ibm Omnifind	Version 8.4
Ibm Omnifind	Version 8.5

Related CWEs

CWE-264

References (10)

http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt

Source: cve@mitre.org

Exploit

http://www.exploit-db.com/exploits/15475

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/514688/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/44740

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2010/2933

Source: cve@mitre.org

Vendor Advisory

http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt