CyberSec.Space Logo
返回 CVE 浏览器

CVE-2010-4121

HIGH
7.5
CVSS Severity Score
EPSS Score0.0230%
EPSS Percentile2.38th
Published2010年10月28日
Last Modified2026年4月29日

Vulnerability Description

The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only.

Affected Platforms (CPE)

📦
Ibm

Tivoli Provisioning Manager Os Deployment

= 7.1.1.3

References & Advisories

🔗 http://publib.boulder.ibm.com/infocenter/tivihelp/v3r1/index.jsp?topic=%2Fcom.ibm.tivoli.tpm.osd.doc%2Finstall%2Ftosd_setmsacessdbpwd.html
🔗 http://securitytracker.com/id?1024539
🔗 http://www.zerodayinitiative.com/advisories/ZDI-10-194
🔗 http://publib.boulder.ibm.com/infocenter/tivihelp/v3r1/index.jsp?topic=%2Fcom.ibm.tivoli.tpm.osd.doc%2Finstall%2Ftosd_setmsacessdbpwd.html
🔗 http://securitytracker.com/id?1024539
🔗 http://www.zerodayinitiative.com/advisories/ZDI-10-194

相关漏洞威胁

CVE-2007-186810.0

The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipa...

CVE-2008-040110.0

Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) bef...

CVE-2007-32687.5

The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to caus...

CVE-2010-104110.0

Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) T...