CVE-2010-4495 — Activematrix BPM vulnerability

3 documents3 sources

Severity

9.0CRITICALNVD

EPSS

1.1%

top 22.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Activematrix BPM Tibco Activematrix Businessworks Service Engine Tibco Activematrix Service BUS +3 more

Timeline

PublishedDec 17

Latest updateMay 17

Description

Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages6 packages

▶NVDtibco/activematrix_businessworks_service_engine5.9.0

▶NVDtibco/activematrix_service_grid3.0.0, 3.0.1, 3.1.0+2

▶NVDtibco/activematrix_service_bus3.0.0, 3.0.1+1

▶NVDtibco/silver_bpm_service1.0.1

▶NVDtibco/silver_cap_service1.0.0

🔴Vulnerability Details

GHSA

GHSA-v9pm-7h94-mgr6: Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3↗2022-05-17

▶

CVEList

CVE-2010-4495: Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3↗2010-12-17

▶