CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2010-4499
https://notcve.org/view.php?id=CVE-2010-4499
Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión en el servidor Collaborative Information Manager, como el usado den TIBCO Collaborative Información Manager anteriores a v8.1.0 y ActiveCatalog anteriores a v1.0.1 permite a atacantes remotos secuestrar sesiones web a través de vectores sin expecificar. • http://osvdb.org/70374 http://secunia.com/advisories/42791 http://www.securityfocus.com/bid/45691 http://www.securitytracker.com/id?1024942 http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp http://www.vupen.com/english/advisories/2011/0037 https://exchange.xforce.ibmcloud.com/vulnerabilities/64523 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-4496
https://notcve.org/view.php?id=CVE-2010-4496
Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en Collaborative Information Manager, como el que se usa en TIBCO Collaborative Information Manager anteriores a v8.1.0 y ActiveCatalog anteriores a 1.0.1, permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. • http://osvdb.org/70371 http://secunia.com/advisories/42791 http://www.securityfocus.com/bid/45691 http://www.securitytracker.com/id?1024942 http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp http://www.vupen.com/english/advisories/2011/0037 https://exchange.xforce.ibmcloud.com/vulnerabilities/64520 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2010-4498
https://notcve.org/view.php?id=CVE-2010-4498
Unspecified vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. Vulnerabilidad no especificada en Collaborative Information Manager, como el usado en TIBCO Collaborative Information Manager anteriores a v8.1.0 y ActiveCatalog anteriores a v1.0.1, permite a atacantes remotos la modificación de datos u obtener información sensible a través de una URL manipulada. • http://osvdb.org/70373 http://secunia.com/advisories/42791 http://www.securityfocus.com/bid/45691 http://www.securitytracker.com/id?1024942 http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp http://www.vupen.com/english/advisories/2011/0037 https://exchange.xforce.ibmcloud.com/vulnerabilities/64522 •
CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2010-4495
https://notcve.org/view.php?id=CVE-2010-4495
Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections. Vulnerabilidad no especificada en el componente Runtime ActiveMatrix de TIBCO ActiveMatrix Service Grid v3.0.0, v3.0.1 y v3.1.0; ActiveMatrix Service Bus v3.0.0 y v3.0.1; ActiveMatrix BusinessWorks Service Engine v5.9.0, v1.0.1 y ActiveMatrix BPM v1.0.2, Silver BPM Service v1.0.1, y de Silver CAP Service v1.0.0 permite a usuarios remotos autenticados para ejecutar código arbitrario a través de vectores relacionados con las conexiones JMX. • http://secunia.com/advisories/42640 http://www.securityfocus.com/bid/45400 http://www.securitytracker.com/id?1024894 http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt http://www.vupen.com/english/advisories/2010/3241 •
CVSS: 10.0EPSS: 9%CPEs: 4EXPL: 0CVE-2010-3491
https://notcve.org/view.php?id=CVE-2010-3491
The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors. Los componentes (1) ActiveMatrix Runtime y(2) ActiveMatrix Administrator en TIBCO ActiveMatrix Service Grid anterior v2.3.1, ActiveMatrix Service Bus anterior v2.3.1, ActiveMatrix BusinessWorks Service Engine anterior v5.8.1, y ActiveMatrix Service Performance Manager anterior v1.3.2 no maneja adecuadamente las conexiones JMX, lo que permite a atacantes remotos ejecutar código de su elección, obtener información sensible, o causar una denegación de servicio a través de vectores no especificados. • http://secunia.com/advisories/41891 http://www.securityfocus.com/bid/44254 http://www.tibco.com/multimedia/activematrix_advisory_tcm8-12488.txt http://www.tibco.com/services/support/advisories/activematrix-advisory_20101019.jsp http://www.vupen.com/english/advisories/2010/2747 https://exchange.xforce.ibmcloud.com/vulnerabilities/62674 • CWE-20: Improper Input Validation •