PT-2010-5313 · IBM +1 · IBM Tivoli Provisioning Manager for OS Deployment +1

Abdulaziz Hariri · Published 2010-10-28 · Updated 2024-08-07 · CVE-2010-4121

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

IBM Tivoli Provisioning Manager for OS Deployment version 7.1.1.3

Description

The TCP-to-ODBC gateway does not require authentication for SQL statements, allowing remote attackers to modify, create, or read database records via a session on TCP port 2020. The vendor disputes this issue, stating that the default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only.

Recommendations

For IBM Tivoli Provisioning Manager for OS Deployment version 7.1.1.3, consider restricting access to TCP port 2020 to minimize the risk of exploitation. As a temporary workaround, restrict the use of the TCP-to-ODBC gateway until a patch is available or additional security measures are implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2010-4121

Affected Products

IBM Tivoli Provisioning Manager for OS Deployment
Access