Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server, as demonstrated by commands that are ordinarily sent by the (a) ookillls and (b) oostopams applications. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Objectivity/DB服务器组件信息泄露和拒绝服务漏洞
Vulnerability Description
Objectivity/DB 是一个面向对象的数据库系统,由美国objectivity公司研制,是一个商品化的系统。 Objectivity/DB 10.0中的服务器组件没有请求对管理命令的验证。远程攻击者可以通过发送对(1)Lock Server或者(2)Multithreaded Server的TCP请求修改数据,获取敏感信息,或导致拒绝服务。该漏洞已经通过(a)ookillls和(b)oostopams应用程序正常发送的命令得到证实。
CVSS Information
N/A
Vulnerability Type
N/A