IBM : Security Vulnerabilities, CVEs, Published In 2010 (Gain Privilege) CVSS score >= 7
The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only.
Max CVSS
7.5
EPSS Score
0.31%
Published
2010-10-28
Updated
2024-04-11
The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do.
Max CVSS
7.5
EPSS Score
1.19%
Published
2010-11-12
Updated
2018-10-10
2 vulnerabilities found