Vulnerability Details : CVE-2010-3895
esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument.
Exploit prediction scoring system (EPSS) score for CVE-2010-3895
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3895
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2010-3895
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3895
-
http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
Exploit
-
http://www.securityfocus.com/bid/44740
RETIRED: IBM OmniFind Multiple Vulnerabilities
-
http://www.securityfocus.com/archive/1/514688/100/0/threaded
SecurityFocus
-
http://www.exploit-db.com/exploits/15475
IBM OmniFind - Local Privilege Escalation - Multiple local ExploitExploit
-
http://www.vupen.com/english/advisories/2010/2933
Webmail | OVH- OVHVendor Advisory
Products affected by CVE-2010-3895
- cpe:2.3:a:ibm:omnifind:*:-:enterprise:*:*:*:*:*
- cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*
- cpe:2.3:a:ibm:omnifind:8.4:-:enterprise:*:*:*:*:*
- cpe:2.3:a:ibm:omnifind:8.5:-:enterprise:*:*:*:*:*