Description
The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server, as demonstrated by commands that are ordinarily sent by the (a) ookillls and (b) oostopams applications. NOTE: some of these details are obtained from third party information.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jeremy Brown · pythondoswindows
https://www.exploit-db.com/exploits/15988
References (7)
Core 7
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42901
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/15988
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64699
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/70424
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/782567
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45803
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0127
Scores
EPSS
0.2462
EPSS Percentile
96.2%
Details
CWE
CWE-287
Status
published
Products (1)
objectivity/objectivity\/db
10.0
Published
Jan 18, 2011
Tracked Since
Feb 18, 2026