CVE-2010-3491

Опубликовано: 26 окт. 2010

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.

Ссылки

http://secunia.com/advisories/41891
Vendor Advisory
http://www.securityfocus.com/bid/44254
http://www.tibco.com/multimedia/activematrix_advisory_tcm8-12488.txt
Vendor Advisory
http://www.tibco.com/services/support/advisories/activematrix-advisory_20101019.jsp
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2747
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/62674
http://secunia.com/advisories/41891
Vendor Advisory
http://www.securityfocus.com/bid/44254
http://www.tibco.com/multimedia/activematrix_advisory_tcm8-12488.txt
Vendor Advisory
http://www.tibco.com/services/support/advisories/activematrix-advisory_20101019.jsp
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2747
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/62674

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tibco:activematrix_businessworks_service_engine:*:*:*:*:*:*:*:*

Версия до 5.8.0 (включая)

cpe:2.3:a:tibco:activematrix_service_bus:*:*:*:*:*:*:*:*

Версия до 2.3.0 (включая)

cpe:2.3:a:tibco:activematrix_service_grid:*:*:*:*:*:*:*:*

Версия до 2.3.0 (включая)

cpe:2.3:a:tibco:activematrix_service_performance_manager:*:*:*:*:*:*:*:*

Версия до 1.3.1 (включая)

EPSS

Процентиль: 90%

0.0603

Низкий

10 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-jcvj-9pfw-q2cg

github

больше 3 лет назад