CVE-2010-4121 Information
Share on:Description
LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks DISPUTED LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements which allows remote attackers to modify create or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue stating that the \default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only.\
Reference
http://publib.boulder.ibm.com/infocenter/tivihelp/v3r1/index.jsp?topic=2Fcom.ibm.tivoli.tpm.osd.doc2Finstall2Ftosd_setmsacessdbpwd.html http://securitytracker.com/id?1024539 http://www.zerodayinitiative.com/advisories/ZDI-10-194