Lucene search

K
cve[email protected]CVE-2010-3491
HistoryOct 26, 2010 - 7:00 p.m.

CVE-2010-3491

2010-10-2619:00:02
CWE-20
web.nvd.nist.gov
19
cve
tibco
activematrix
remote code execution
information disclosure
security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.097 Low

EPSS

Percentile

94.8%

The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.

Affected configurations

NVD
Node
tibcoactivematrix_businessworks_service_engineRange5.8.0
OR
tibcoactivematrix_service_busRange2.3.0
OR
tibcoactivematrix_service_gridRange2.3.0
OR
tibcoactivematrix_service_performance_managerRange1.3.1

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.097 Low

EPSS

Percentile

94.8%

Related for CVE-2010-3491