Objectivity/DB includes many different tools for administration. The problem is, anyone can use these tools to perform operations on the host running the lock server, advanced multithreaded server, and probably it's other servers as well, without any authentication. This design flaw puts the host running these servers at risk of potentially unauthorized operations being performed on the system, locally or remotely. This exploit demonstrates this issue and was tested on Objectivity/DB 10 running on Windows.
e70ea4466739e596a06c0f314f33e2954e9ab0e032242029fe9f8ed5bb3c90b8