Lucene search

[email protected]CVE-2010-3491

HistoryOct 26, 2010 - 7:00 p.m.

CVE-2010-3491

2010-10-2619:00:02

CWE-20

[email protected]

web.nvd.nist.gov

cve

tibco

activematrix

remote code execution

information disclosure

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.097 Low

EPSS

Percentile

94.8%

JSON

The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.

Affected configurations

NVD

Node

tibcoactivematrix_businessworks_service_engineRange≤5.8.0

tibcoactivematrix_service_busRange≤2.3.0

tibcoactivematrix_service_gridRange≤2.3.0

tibcoactivematrix_service_performance_managerRange≤1.3.1

CPENameOperatorVersion
tibco:activematrix_businessworks_service_enginetibco activematrix businessworks service enginele5.8.0
tibco:activematrix_service_bustibco activematrix service busle2.3.0
tibco:activematrix_service_gridtibco activematrix service gridle2.3.0
tibco:activematrix_service_performance_managertibco activematrix service performance managerle1.3.1

CPE	Name	Operator	Version
tibco:activematrix_businessworks_service_engine	tibco activematrix businessworks service engine	le	5.8.0
tibco:activematrix_service_bus	tibco activematrix service bus	le	2.3.0
tibco:activematrix_service_grid	tibco activematrix service grid	le	2.3.0
tibco:activematrix_service_performance_manager	tibco activematrix service performance manager	le	1.3.1

References

secunia.com/advisories/41891

www.securityfocus.com/bid/44254

www.tibco.com/multimedia/activematrix_advisory_tcm8-12488.txt

www.tibco.com/services/support/advisories/activematrix-advisory_20101019.jsp

www.vupen.com/english/advisories/2010/2747

exchange.xforce.ibmcloud.com/vulnerabilities/62674

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.097 Low

EPSS

Percentile

94.8%

JSON

Related for CVE-2010-3491

prion1 nvd1 tibco1 cvelist1