CVE-2010-4236

Name of the Vulnerable Software and Affected Versions IBM OmniFind Enterprise Edition versions prior to 9.1

Description The issue allows local users to gain privileges through an untrusted search path vulnerability in the estaskwrapper component. This is achieved by manipulating the ES LIBRARY PATH environment variable and the PATH environment variable, which is utilized during the execution of the estasklight program.

Recommendations For versions prior to 9.1, update to version 9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the estaskwrapper component and limiting modifications to the ES LIBRARY PATH and PATH environment variables to minimize the risk of exploitation.