CVE-2010-3491: Input Validation
First published: Tue Oct 26 2010(Updated: )
The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tibco Activematrix Businessworks Service Engine | <=5.8.0 | |
| TIBCO ActiveMatrix Service Bus | <=2.3.0 | |
| Tibco Activematrix Service Grid | <=2.3.0 | |
| Tibco Activematrix Service Performance Manager | <=1.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/41891
- http://www.securityfocus.com/bid/44254
- http://www.tibco.com/multimedia/activematrix_advisory_tcm8-12488.txt
- http://www.tibco.com/services/support/advisories/activematrix-advisory_20101019.jsp
- http://www.vupen.com/english/advisories/2010/2747
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62674
Frequently Asked Questions
What components are affected by CVE-2010-3491?
CVE-2010-3491 affects the ActiveMatrix Runtime, ActiveMatrix Administrator, ActiveMatrix BusinessWorks Service Engine (up to version 5.8.0), ActiveMatrix Service Bus (up to version 2.3.0), ActiveMatrix Service Grid (up to version 2.3.0), and ActiveMatrix Service Performance Manager (up to version 1.3.1).
What is the severity of CVE-2010-3491?
The severity of CVE-2010-3491 has been assessed as high due to insufficient handling of certain operations that could lead to unauthorized access or denial of service.
How do I fix CVE-2010-3491?
To fix CVE-2010-3491, upgrade to the latest patches or versions of the affected TIBCO ActiveMatrix components, specifically versions 2.3.1 or higher for the Service Bus, Service Grid, BusinessWorks Service Engine, and Performance Manager.
Can CVE-2010-3491 be exploited remotely?
Yes, CVE-2010-3491 can be exploited remotely, allowing attackers to potentially gain unauthorized access to sensitive information.
What impact does CVE-2010-3491 have on system security?
CVE-2010-3491 poses a significant risk to system security by potentially allowing attackers to manipulate or access protected data without proper authorization.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/tibco
- canonical/tibco activematrix service performance manager
- version/tibco activematrix service performance manager/1.3.1
- canonical/tibco activematrix service bus
- version/tibco activematrix service bus/2.3.0
- canonical/tibco activematrix businessworks service engine
- version/tibco activematrix businessworks service engine/5.8.0
- canonical/tibco activematrix service grid
- version/tibco activematrix service grid/2.3.0