SecurityTracker.com
Category:   Application (Generic)  >   TIBCO ActiveMatrix
Vendors:   TIBCO Software
TIBCO ActiveMatrix JMX Connection Processing Flaw Lets Remote Users Execute Arbitrary Code, Deny Service, and Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1024894
SecurityTracker URL:  http://securitytracker.com/id/1024894
CVE Reference:   CVE-2010-4495
Date:  Dec 15 2010
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in TIBCO ActiveMatrix. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. A remote user can determine the installation path.

A remote user can exploit a flaw in the handling of JMX connections to gain administrative control over the target system, allowing the user to execute arbitrary code on any host that is a participant in the system.

The following products are affected:

TIBCO ActiveMatrix Service Grid versions 3.0.0, 3.0.1, and 3.1.0
TIBCO ActiveMatrix Service Bus versions 3.0.0 and 3.0.1
TIBCO ActiveMatrix BusinessWorks Service Engine 5.9.0
TIBCO ActiveMatrix BPM versions 1.0.1 and 1.0.2
TIBCO Silver BPM Service version 1.0.1
TIBCO Silver CAP Service version 1.0.0
TIBCO ActiveMatrix Runtime

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information.

Solution:   The vendor has issued the following fixes.

TIBCO ActiveMatrix Service Grid 3.0.X version 3.0.2 or higher
TIBCO ActiveMatrix Service Grid version 3.1.1 or higher
TIBCO ActiveMatrix Service Bus version 3.0.2 or higher
TIBCO ActiveMatrix BusinessWorks Service Engine 5.9.1 or higher
TIBCO ActiveMatrix BPM version 1.0.3 or higher
TIBCO Silver BPM Service version 1.0.3 or higher
TIBCO Silver CAP Service version 1.0.1 or higher

The vendor's advisory is available at:

http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt

Vendor URL:  www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt
Cause:   Not specified
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Wed, 15 Dec 2010 21:48:34 +0000
Subject:  TIBCO ActiveMatrix vulnerability


http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt

CVE-2010-4495

 
 



Copyright 2014, SecurityGlobal.net LLC