QwikSec

Security Database

CVE

CWE

Training

CVE-2010-4121

Published: Oct 28, 2010

Modified: Sep 17, 2024

PUBLISHED

Description

The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.zerodayinitiative.com/advisories/ZDI-10-194

x_refsource_MISC

http://publib.boulder.ibm.com/infocenter/tivihelp/v3r1/index.jsp?topic=%2Fcom.ibm.tivoli.tpm.osd.doc%2Finstall%2Ftosd_setmsacessdbpwd.html

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.