TIBCO ActiveMatrix JMX Connection Processing Flaw Lets Remote Users Execute Arbitrary Code, Deny Service, and Obtain Potentially Sensitive Information
|
|
SecurityTracker Alert ID: 1024894
|
SecurityTracker URL: http://securitytracker.com/id/1024894
|
|
CVE Reference: CVE-2010-4495
|
Date: Dec 15 2010
|
Impact:
Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in TIBCO ActiveMatrix. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. A remote user can determine the installation path.
A remote user can exploit a flaw in the handling of JMX connections to gain administrative control over the target system, allowing the user to execute arbitrary code on any host that is a participant in the system.
The following products are affected:
TIBCO ActiveMatrix Service Grid versions 3.0.0, 3.0.1, and 3.1.0
TIBCO ActiveMatrix Service Bus versions 3.0.0 and 3.0.1
TIBCO ActiveMatrix BusinessWorks Service Engine 5.9.0
TIBCO ActiveMatrix BPM versions 1.0.1 and 1.0.2
TIBCO Silver BPM Service version 1.0.1
TIBCO Silver CAP Service version 1.0.0
TIBCO ActiveMatrix Runtime
|
Impact:
A remote user can execute arbitrary code on the target system.
A remote user can cause denial of service conditions.
A remote user can obtain potentially sensitive information.
|
Solution:
The vendor has issued the following fixes.
TIBCO ActiveMatrix Service Grid 3.0.X version 3.0.2 or higher
TIBCO ActiveMatrix Service Grid version 3.1.1 or higher
TIBCO ActiveMatrix Service Bus version 3.0.2 or higher
TIBCO ActiveMatrix BusinessWorks Service Engine 5.9.1 or higher
TIBCO ActiveMatrix BPM version 1.0.3 or higher
TIBCO Silver BPM Service version 1.0.3 or higher
TIBCO Silver CAP Service version 1.0.1 or higher
The vendor's advisory is available at:
http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt
|
Vendor URL: www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt
|
Cause:
Not specified
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 15 Dec 2010 21:48:34 +0000
Subject: TIBCO ActiveMatrix vulnerability
|
http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt
CVE-2010-4495
|
|