CVE-2010-3491

The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.

Published: Oct 26, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-3491
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
tibco / activematrix_service_performance_manager	-	1.3.1.x
tibco / activematrix_service_bus	-	2.3.0.x
tibco / activematrix_businessworks_service_engine	-	5.8.0.x
tibco / activematrix_service_grid	-	2.3.0.x

http://secunia.com/advisories/41891
http://www.securityfocus.com/bid/44254
http://www.tibco.com/multimedia/activematrix_advisory_tcm8-12488.txt
http://www.tibco.com/services/support/advisories/activematrix-advisory_20101019.jsp
http://www.vupen.com/english/advisories/2010/2747
https://exchange.xforce.ibmcloud.com/vulnerabilities/62674

Vulnerability Database

289,871

CVE-2010-3491