CVE-2010-4495 - OpenCVE

Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tibco	Activematrix Bpm Activematrix Businessworks Service Engine Activematrix Service Bus Activematrix Service Grid Silver Bpm Service Silver Cap Service

Configuration 1 [-]

OR	cpe:2.3:a:tibco:activematrix_bpm:1.0.1:::::::*
	cpe:2.3:a:tibco:activematrix_bpm:1.0.2:::::::*
	cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.0:::::::*
	cpe:2.3:a:tibco:activematrix_service_bus:3.0.0:::::::*
	cpe:2.3:a:tibco:activematrix_service_bus:3.0.1:::::::*
	cpe:2.3:a:tibco:activematrix_service_grid:3.0.0:::::::*
	cpe:2.3:a:tibco:activematrix_service_grid:3.0.1:::::::*
	cpe:2.3:a:tibco:activematrix_service_grid:3.1.0:::::::*
	cpe:2.3:a:tibco:silver_bpm_service:1.0.1:::::::*
	cpe:2.3:a:tibco:silver_cap_service:1.0.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/42640
http://www.securityfocus.com/bid/45400
http://www.securitytracker.com/id?1024894
http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt
http://www.vupen.com/english/advisories/2010/3241

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-12-17T18:00:00Z

Updated: 2024-09-16T23:51:27.186Z

Reserved: 2010-12-07T00:00:00Z

Link: CVE-2010-4495

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2010-12-17T19:00:23.933

Modified: 2010-12-20T05:00:00.000

Link: CVE-2010-4495

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-12-17T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "42640", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42640"}, {"name": "ADV-2010-3241", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/3241"}, {"name": "45400", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45400"}, {"name": "1024894", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024894"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4495", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "42640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42640"}, {"name": "ADV-2010-3241", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3241"}, {"name": "45400", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45400"}, {"name": "1024894", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024894"}, {"name": "http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt", "refsource": "CONFIRM", "url": "http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:51:16.964Z"}, "title": "CVE Program Container", "references": [{"name": "42640", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42640"}, {"name": "ADV-2010-3241", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/3241"}, {"name": "45400", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/45400"}, {"name": "1024894", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024894"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4495", "datePublished": "2010-12-17T18:00:00Z", "dateReserved": "2010-12-07T00:00:00Z", "dateUpdated": "2024-09-16T23:51:27.186Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47C5D35B-3DA4-4829-9115-9061F725392B", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5C5F8D9F-C1E1-4F39-BF08-D08FC07523C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "F5A147E2-A869-4306-94C7-D5B32333EE1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:activematrix_service_bus:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2BB758D-5C74-493C-ABE7-6DA289253636", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:activematrix_service_bus:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3A5CE12-C8A8-4E48-BF6C-914C284D391C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "68B99531-DFDA-4625-B0E7-4CDF20A73DF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F28DAF05-7BB6-404E-8710-A61866338605", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F633E9D8-BCB2-4748-A91C-1A3D5CD1C953", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:silver_bpm_service:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CF339B05-7165-4D1B-BB4B-DB72E7D1A0F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:silver_cap_service:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E886566-E2FF-4453-8400-DEE39E3852DC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Runtime ActiveMatrix de TIBCO ActiveMatrix Service Grid v3.0.0, v3.0.1 y v3.1.0; ActiveMatrix Service Bus v3.0.0 y v3.0.1; ActiveMatrix BusinessWorks Service Engine v5.9.0, v1.0.1 y ActiveMatrix BPM v1.0.2, Silver BPM Service v1.0.1, y de Silver CAP Service v1.0.0 permite a usuarios remotos autenticados para ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con las conexiones JMX."}], "id": "CVE-2010-4495", "lastModified": "2010-12-20T05:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-12-17T19:00:23.933", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42640"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/45400"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1024894"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/3241"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}