Vulnerability CVE-2010-3491


Published: 2010-10-26   Modified: 2012-02-13

Description:
The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Tibco -> Activematrix businessworks service engine 
Tibco -> Activematrix service bus 
Tibco -> Activematrix service grid 
Tibco -> Activematrix service performance manager 

 References:
http://www.tibco.com/services/support/advisories/activematrix-advisory_20101019.jsp
http://xforce.iss.net/xforce/xfdb/62674
http://www.vupen.com/english/advisories/2010/2747
http://www.tibco.com/multimedia/activematrix_advisory_tcm8-12488.txt
http://www.securityfocus.com/bid/44254
http://secunia.com/advisories/41891

Copyright 2020, cxsecurity.com

 

Back to Top