CVE-2010-4121
IBM Tivoli Provisioning Manager 7.1.1.3 - Unauthenticated SQL Command Execution
Title source: llmDescription
The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
References (3)
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-194
Various Sources x_refsource_misc
http://publib.boulder.ibm.com/infocenter/tivihelp/v3r1/index.jsp?topic=%2Fcom.ibm.tivoli.tpm.osd.doc%2Finstall%2Ftosd_setmsacessdbpwd.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1024539
Scores
EPSS
0.0322
EPSS Percentile
86.6%
Details
CWE
CWE-287
Status
published
Products (1)
ibm/tivoli_provisioning_manager_os_deployment
7.1.1.3
Published
Oct 28, 2010
Tracked Since
Feb 18, 2026