CVE-2010-4121

Опубликовано: 28 окт. 2010

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:tivoli_provisioning_manager_os_deployment:7.1.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00923

Низкий

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-w75g-4cx7-2225

github

больше 3 лет назад

** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."