Vulnerability Description
The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Activematrix Businessworks Service Engine | <= 5.8.0 |
| Tibco | Activematrix Service Bus | <= 2.3.0 |
| Tibco | Activematrix Service Grid | <= 2.3.0 |
| Tibco | Activematrix Service Performance Manager | <= 1.3.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/41891Vendor Advisory
- http://www.securityfocus.com/bid/44254
- http://www.tibco.com/multimedia/activematrix_advisory_tcm8-12488.txtVendor Advisory
- http://www.tibco.com/services/support/advisories/activematrix-advisory_20101019.PatchVendor Advisory
- http://www.vupen.com/english/advisories/2010/2747Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62674
- http://secunia.com/advisories/41891Vendor Advisory
- http://www.securityfocus.com/bid/44254
- http://www.tibco.com/multimedia/activematrix_advisory_tcm8-12488.txtVendor Advisory
- http://www.tibco.com/services/support/advisories/activematrix-advisory_20101019.PatchVendor Advisory
- http://www.vupen.com/english/advisories/2010/2747Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62674
FAQ
What is CVE-2010-3491?
CVE-2010-3491 is a vulnerability with a CVSS score of 10.0 (HIGH). The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service En...
How severe is CVE-2010-3491?
CVE-2010-3491 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3491?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Activematrix Businessworks Service Engine, Tibco Activematrix Service Bus, Tibco Activematrix Service Grid, Tibco Activematrix Service Performance Manager.