CVE-2010-0184

The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors.

Published: Jan 14, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-0184
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
tibco / runtime_agent	-	5.6.1.x
tibco / runtime_agent	5.5.4	5.5.4.x
tibco / runtime_agent	5.5.3	5.5.3.x
tibco / runtime_agent	5.4.0	5.4.0.x
tibco / runtime_agent	5.6	5.6.x

http://secunia.com/advisories/38191
http://www.securityfocus.com/bid/37805
http://www.tibco.com/mk/advisory.jsp
http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt
http://www.vupen.com/english/advisories/2010/0128

Vulnerability Database

290,020

CVE-2010-0184