CVE-2010-4495 : Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1

Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections.

Published 2010-12-17 19:00:24

Updated 2010-12-20 05:00:00

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2010-4495

Probability of exploitation activity in the next 30 days: 0.49%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-4495

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2010-4495

http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt

404 Not Found
Vendor Advisory
http://www.vupen.com/english/advisories/2010/3241

Webmail | OVH- OVH
Vendor Advisory
http://www.securitytracker.com/id?1024894

TIBCO ActiveMatrix JMX Connection Processing Flaw Lets Remote Users Execute Arbitrary Code, Deny Service, and Obtain Potentially Sensitive Information - SecurityTracker
http://www.securityfocus.com/bid/45400

TIBCO ActiveMatrix Products Unspecified Remote Code Execution Vulnerability

Products affected by CVE-2010-4495

Tibco » Activematrix Service Grid » Version: 3.0.1
cpe:2.3:a:tibco:activematrix_service_grid:3.0.1:*:*:*:*:*:*:*
Matching versions
Tibco » Activematrix Service Grid » Version: 3.1.0
cpe:2.3:a:tibco:activematrix_service_grid:3.1.0:*:*:*:*:*:*:*
Matching versions
Tibco » Activematrix Service Grid » Version: 3.0.0
cpe:2.3:a:tibco:activematrix_service_grid:3.0.0:*:*:*:*:*:*:*
Matching versions
Tibco » Activematrix Service Bus » Version: 3.0.0
cpe:2.3:a:tibco:activematrix_service_bus:3.0.0:*:*:*:*:*:*:*
Matching versions
Tibco » Activematrix Service Bus » Version: 3.0.1
cpe:2.3:a:tibco:activematrix_service_bus:3.0.1:*:*:*:*:*:*:*
Matching versions
Tibco » Activematrix Businessworks Service Engine » Version: 5.9.0
cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.0:*:*:*:*:*:*:*
Matching versions
Tibco » Activematrix Bpm » Version: 1.0.1
cpe:2.3:a:tibco:activematrix_bpm:1.0.1:*:*:*:*:*:*:*
Matching versions
Tibco » Activematrix Bpm » Version: 1.0.2
cpe:2.3:a:tibco:activematrix_bpm:1.0.2:*:*:*:*:*:*:*
Matching versions
Tibco » Silver Bpm Service » Version: 1.0.1
cpe:2.3:a:tibco:silver_bpm_service:1.0.1:*:*:*:*:*:*:*
Matching versions
Tibco » Silver Cap Service » Version: 1.0.0
cpe:2.3:a:tibco:silver_cap_service:1.0.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-4495

Exploit prediction scoring system (EPSS) score for CVE-2010-4495

CVSS scores for CVE-2010-4495

References for CVE-2010-4495

Products affected by CVE-2010-4495