CyberSec.Space Logo
Back to CVE Browser

CVE-2010-4121

HIGH
7.5
CVSS Severity Score
EPSS Score0.0230%
EPSS Percentile2.38th
PublishedOct 28, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only.

Affected Platforms (CPE)

πŸ“¦
Ibm

Tivoli Provisioning Manager Os Deployment

= 7.1.1.3

References & Advisories

πŸ”— http://publib.boulder.ibm.com/infocenter/tivihelp/v3r1/index.jsp?topic=%2Fcom.ibm.tivoli.tpm.osd.doc%2Finstall%2Ftosd_setmsacessdbpwd.html
πŸ”— http://securitytracker.com/id?1024539
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-10-194
πŸ”— http://publib.boulder.ibm.com/infocenter/tivihelp/v3r1/index.jsp?topic=%2Fcom.ibm.tivoli.tpm.osd.doc%2Finstall%2Ftosd_setmsacessdbpwd.html
πŸ”— http://securitytracker.com/id?1024539
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-10-194

Related Vulnerabilities

CVE-2007-186810.0

The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipa...

CVE-2008-040110.0

Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) bef...

CVE-2007-32687.5

The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to caus...

CVE-2010-308510.0

The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vect...