CVE-2011-0489

Name of the Vulnerable Software and Affected Versions Objectivity/DB version 10.0

Description The issue allows remote attackers to modify data, obtain sensitive information, or cause a denial of service. This is possible because the server components do not require authentication for administrative commands. Attackers can send requests over TCP to the Lock Server or the Advanced Multithreaded Server. Examples of commands that can be sent include those ordinarily used by the ookillls and oostopams applications.

Recommendations For Objectivity/DB version 10.0, consider implementing authentication for administrative commands to prevent unauthorized access. As a temporary workaround, restrict access to the Lock Server and the Advanced Multithreaded Server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.