SQL Injection Vulnerability in IBM Tivoli Provisioning Manager for OS Deployment
CVE-2010-4121

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 28 October 2010

Summary

The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not properly authenticate SQL statements, so remote attackers can reach it over TCP port 2020 and modify, create, or read sensitive database records without authorization. This puts database integrity and security at significant risk, particularly because the default Microsoft Access database is left unprotected for evaluation purposes.

Timeline

  • Vulnerability Reserved

  • Vulnerability published
