Unrated severityNVD Advisory· Published Jan 18, 2011· Updated Apr 29, 2026

CVE-2011-0489

Description

The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server, as demonstrated by commands that are ordinarily sent by the (a) ookillls and (b) oostopams applications. NOTE: some of these details are obtained from third party information.

Affected products

Objectivity/Objectivity\/db
cpe:2.3:a:objectivity:objectivity\/db:10.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/15988nvdExploit
secunia.com/advisories/42901nvdVendor Advisory
www.vupen.com/english/advisories/2011/0127nvdVendor Advisory
www.kb.cert.org/vuls/id/782567nvdUS Government Resource
osvdb.org/70424nvd
www.securityfocus.com/bid/45803nvd
exchange.xforce.ibmcloud.com/vulnerabilities/64699nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.020
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000