History: Oct 28, 2010 - 9:00 p.m.

CVE-2010-4121

2010-10-28 21:00:14
CWE-287
mitre
web.nvd.nist.gov
ibm, tivoli, provisioning manager, os deployment, 7.1.1.3, tcp, odbc, gateway, sql, authentication, remote attack, database, vulnerability, cve-2010-4121, nvd

CVSS2: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 7.4
Confidence: Low

EPSS: 0.006
Percentile: 79.3%

The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."

Affected configurations

Nvd
Node
ibm tivoli_provisioning_manager_os_deployment Match 7.1.1.3

Vendor | Product | Version | CPE
ibm | tivoli_provisioning_manager_os_deployment | 7.1.1.3 | cpe:2.3:a:ibm:tivoli_provisioning_manager_os_deployment:7.1.1.3:*:*:*:*:*:*:*
