Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2010-4121
HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-4121

2022-10-0316:21:04
CWE-287
[email protected]
web.nvd.nist.gov
29
ibm
tivoli
provisioning manager
os deployment
7.1.1.3
tcp
odbc
gateway
sql
authentication
remote attack
database
vulnerability
cve-2010-4121
nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.2%

JSON

The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only.

Affected configurations

NVD
Node
ibmtivoli_provisioning_manager_os_deploymentMatch7.1.1.3

Related

prion 1
cvelist 1
nvd 1
prion
prion
Authentication flaw
2010-10-28 21:00:00
cvelist
cvelist
CVE-2010-4121
2022-10-03 16:21:04
nvd
nvd
CVE-2010-4121
2010-10-28 21:00:14

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.2%

JSON
Related for CVE-2010-4121
prion1cvelist1nvd1