Vulnerability Description
The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server, as demonstrated by commands that are ordinarily sent by the (a) ookillls and (b) oostopams applications. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Objectivity | Objectivity/Db | 10.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/70424
- http://secunia.com/advisories/42901 (Vendor Advisory)
- http://www.exploit-db.com/exploits/15988 (Exploit)
- http://www.kb.cert.org/vuls/id/782567 (US Government Resource)
- http://www.securityfocus.com/bid/45803
- http://www.vupen.com/english/advisories/2011/0127 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64699
FAQ
What is CVE-2011-0489?
CVE-2011-0489 is a vulnerability with a CVSS score of 7.5 (HIGH). The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of...
How severe is CVE-2011-0489?
CVE-2011-0489 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-0489?
Check the references section above for vendor advisories and patch information. Affected products include: Objectivity Objectivity/Db.