Search criteria

24 vulnerabilities found for activematrix_bpm by tibco

FKIE_CVE-2019-8993

Vulnerability from fkie_nvd - Published: 2019-04-24 21:29 - Updated: 2024-11-21 04:50
Summary
The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability that could theoretically allow an unauthenticated user to download a file with credentials information. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A533C8A0-3C54-4096-8C29-22E287CB682F",
              "versionEndIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:*:*:*:*:*:silver_fabric:*:*",
              "matchCriteriaId": "B01AFA33-D029-48E1-B748-0E828F13F6A7",
              "versionEndIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_policy_director:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F67910C-AE3D-4A9F-B9E3-617D9EAAFBF7",
              "versionEndIncluding": "1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A41001-9FD6-4821-99C5-56CB1D1C4002",
              "versionEndIncluding": "3.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:*:*:*:*:*:silver_fabric:*:*",
              "matchCriteriaId": "1EC19FE2-7EF2-4B67-8AE7-47B4ECFD9A5A",
              "versionEndIncluding": "3.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBFA5AC6-473A-4FF8-B418-4633DC837E9B",
              "versionEndIncluding": "3.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:silver_fabric_enabler:*:*:*:*:*:activematrix_service_grid:*:*",
              "matchCriteriaId": "52116CC3-1347-4B8E-81F0-D17668D88D10",
              "versionEndIncluding": "1.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:silver_fabric_enabler:*:*:*:*:*:activematrix_bpm:*:*",
              "matchCriteriaId": "85EFD5DF-F39D-4737-82A4-3E10BBF3EF2C",
              "versionEndIncluding": "1.4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The administrative web server component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability that could theoretically allow an unauthenticated user to download a file with credentials information. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1."
    },
    {
      "lang": "es",
      "value": "El componente de servidor web administrativo de TIBCO Software Inc. para TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution para TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution para TIBCO Silver Fabric, TIBCO Silver Fabric Enabler para ActiveMatrix BPM y TIBCO Silver Fabric Enabler para ActiveMatrix Service Grid contiene una vulnerabilidad que te\u00f3ricamente podr\u00eda permitir a un usuario no autenticado descargar un archivo con informaci\u00f3n de credenciales. Las versiones afectadas son TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versiones hasta 4.2.0 inclusive, TIBCO ActiveMatrix BPM Distribution para TIBCO Silver Fabric: versiones hasta 4.2.0 inclusive, TIBCO ActiveMatrix Policy Director: versiones hasta 1.1.0 inclusive, TIBCO ActiveMatrix Service Bus: versiones hasta 3.3.0 inclusive, TIBCO ActiveMatrix Service Grid: versiones hasta 3.3.1 inclusive, TIBCO ActiveMatrix Service Grid Distribution para TIBCO Silver Fabric: versiones hasta 3.3.0 inclusive, TIBCO Silver Fabric Enabler para ActiveMatrix BPM: versiones hasta 1.4.1 inclusive y TIBCO Silver Fabric Enabler para ActiveMatrix Service Grid: versiones hasta 1.3.1 inclusive."
    }
  ],
  "id": "CVE-2019-8993",
  "lastModified": "2024-11-21T04:50:46.650",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "security@tibco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-24T21:29:01.353",
  "references": [
    {
      "source": "security@tibco.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108056"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8993"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8993"
    }
  ],
  "sourceIdentifier": "security@tibco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-8992

Vulnerability from fkie_nvd - Published: 2019-04-24 21:29 - Updated: 2024-11-21 04:50
Summary
The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives ("Upload DAA" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A533C8A0-3C54-4096-8C29-22E287CB682F",
              "versionEndIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:*:*:*:*:*:silver_fabric:*:*",
              "matchCriteriaId": "B01AFA33-D029-48E1-B748-0E828F13F6A7",
              "versionEndIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_policy_director:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F67910C-AE3D-4A9F-B9E3-617D9EAAFBF7",
              "versionEndIncluding": "1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A41001-9FD6-4821-99C5-56CB1D1C4002",
              "versionEndIncluding": "3.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:*:*:*:*:*:silver_fabric:*:*",
              "matchCriteriaId": "1EC19FE2-7EF2-4B67-8AE7-47B4ECFD9A5A",
              "versionEndIncluding": "3.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBFA5AC6-473A-4FF8-B418-4633DC837E9B",
              "versionEndIncluding": "3.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:silver_fabric_enabler:*:*:*:*:*:activematrix_service_grid:*:*",
              "matchCriteriaId": "52116CC3-1347-4B8E-81F0-D17668D88D10",
              "versionEndIncluding": "1.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:silver_fabric_enabler:*:*:*:*:*:activematrix_bpm:*:*",
              "matchCriteriaId": "85EFD5DF-F39D-4737-82A4-3E10BBF3EF2C",
              "versionEndIncluding": "1.4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The administrative server component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives (\"Upload DAA\" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1."
    },
    {
      "lang": "es",
      "value": "El componente de servidor administrativo de TIBCO Software Inc. para TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution para TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution para TIBCO Silver Fabric, TIBCO Silver Fabric Enabler para ActiveMatrix BPM, y TIBCO Silver Fabric Enabler para ActiveMatrix Service Grid contiene una vulnerabilidad en la que un usuario sin privilegios para cargar archivos de aplicaciones distribuidos (permiso \"Upload DAA\") puede te\u00f3ricamente cargar c\u00f3digo arbitrario y, en algunas circunstancias, ejecutar ese c\u00f3digo en nodos de ActiveMatrix Service Grid. Las versiones afectadas son TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versiones hasta 4.2.0 inclusive, TIBCO ActiveMatrix BPM Distribution para TIBCO Silver Fabric: versiones hasta 4.2.0 inclusive, TIBCO ActiveMatrix Policy Director: versiones hasta 1.1.0 inclusive, TIBCO ActiveMatrix Service Bus: versiones hasta 3.3.0 inclusive, TIBCO ActiveMatrix Service Grid: versiones hasta 3.3.1 inclusive, TIBCO ActiveMatrix Service Grid Distribution para TIBCO Silver Fabric: versiones hasta 3.3.0 inclusive, TIBCO Silver Fabric Enabler para ActiveMatrix BPM: versiones hasta 1.4.1 inclusive y TIBCO Silver Fabric Enabler para ActiveMatrix Service Grid: versiones hasta 1.3.1 inclusive."
    }
  ],
  "id": "CVE-2019-8992",
  "lastModified": "2024-11-21T04:50:46.517",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.0,
        "source": "security@tibco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-24T21:29:01.257",
  "references": [
    {
      "source": "security@tibco.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108058"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8992"
    }
  ],
  "sourceIdentifier": "security@tibco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-8995

Vulnerability from fkie_nvd - Published: 2019-04-24 21:29 - Updated: 2024-11-21 04:50
Summary
The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker's choice. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A533C8A0-3C54-4096-8C29-22E287CB682F",
              "versionEndIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:*:*:*:*:*:silver_fabric:*:*",
              "matchCriteriaId": "B01AFA33-D029-48E1-B748-0E828F13F6A7",
              "versionEndIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:silver_fabric_enabler:*:*:*:*:*:activematrix_bpm:*:*",
              "matchCriteriaId": "85EFD5DF-F39D-4737-82A4-3E10BBF3EF2C",
              "versionEndIncluding": "1.4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The workspace client, openspace client, and app development client of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker\u0027s choice. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1."
    },
    {
      "lang": "es",
      "value": "El cliente de espacio de trabajo, el cliente de espacio abierto y el cliente de desarrollo de aplicaciones de TIBCO Software Inc. de TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution para TIBCO Silver Fabric y TIBCO Silver Fabric Enabler para ActiveMatrix BPM contienen una vulnerabilidad en la que una URL maliciosa podr\u00eda enga\u00f1ar a un usuario para que visite un sitio web elegido por el atacante. Las versiones afectadas son TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versiones hasta 4.2.0 inclusive, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versiones hasta 4.2.0 inclusive, y TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versiones hasta 1.4.1 inclusive."
    }
  ],
  "id": "CVE-2019-8995",
  "lastModified": "2024-11-21T04:50:46.910",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "security@tibco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-24T21:29:01.523",
  "references": [
    {
      "source": "security@tibco.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108062"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-8995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-8995"
    }
  ],
  "sourceIdentifier": "security@tibco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-8991

Vulnerability from fkie_nvd - Published: 2019-04-24 21:29 - Updated: 2024-11-21 04:50
Summary
The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A533C8A0-3C54-4096-8C29-22E287CB682F",
              "versionEndIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:*:*:*:*:*:silver_fabric:*:*",
              "matchCriteriaId": "B01AFA33-D029-48E1-B748-0E828F13F6A7",
              "versionEndIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_policy_director:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F67910C-AE3D-4A9F-B9E3-617D9EAAFBF7",
              "versionEndIncluding": "1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A41001-9FD6-4821-99C5-56CB1D1C4002",
              "versionEndIncluding": "3.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:*:*:*:*:*:silver_fabric:*:*",
              "matchCriteriaId": "1EC19FE2-7EF2-4B67-8AE7-47B4ECFD9A5A",
              "versionEndIncluding": "3.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBFA5AC6-473A-4FF8-B418-4633DC837E9B",
              "versionEndIncluding": "3.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:silver_fabric_enabler:*:*:*:*:*:activematrix_service_grid:*:*",
              "matchCriteriaId": "52116CC3-1347-4B8E-81F0-D17668D88D10",
              "versionEndIncluding": "1.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:silver_fabric_enabler:*:*:*:*:*:activematrix_bpm:*:*",
              "matchCriteriaId": "85EFD5DF-F39D-4737-82A4-3E10BBF3EF2C",
              "versionEndIncluding": "1.4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The administrator web interface of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1."
    },
    {
      "lang": "es",
      "value": "La interfaz web de administrador de TIBCO Software Inc. para TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution para TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler para ActiveMatrix BPM y TIBCO Silver Fabric Enabler para ActiveMatrix Service Grid contienen m\u00faltiples vulnerabilidades que pueden permitir ataques XSS y CSRF. Las versiones afectadas son TIBCO Software Inc., TIBCO ActiveMatrix BPM: versiones hasta 4.2.0 inclusive, TIBCO ActiveMatrix BPM Distribution para TIBCO Silver Fabric: versiones hasta 4.2.0 inclusive, TIBCO ActiveMatrix Policy Director: versiones hasta 1.1.0 inclusive, TIBCO ActiveMatrix Service Bus: versiones hasta 3.3.0 inclusive, TIBCO ActiveMatrix Service Grid: versiones hasta 3.3.1 inclusive, TIBCO Silver Fabric Enabler para ActiveMatrix BPM: versiones hasta 1.4.1 inclusive y TIBCO Silver Fabric Enabler para ActiveMatrix Service Grid: versiones hasta 1.3.1 inclusive."
    }
  ],
  "id": "CVE-2019-8991",
  "lastModified": "2024-11-21T04:50:46.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security@tibco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-24T21:29:01.163",
  "references": [
    {
      "source": "security@tibco.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108059"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8991"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8991"
    }
  ],
  "sourceIdentifier": "security@tibco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        },
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-0689

Vulnerability from fkie_nvd - Published: 2012-03-13 10:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to discover credentials via unspecified vectors.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C5D35B-3DA4-4829-9115-9061F725392B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C5F8D9F-C1E1-4F39-BF08-D08FC07523C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5A147E2-A869-4306-94C7-D5B32333EE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BB758D-5C74-493C-ABE7-6DA289253636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3A5CE12-C8A8-4E48-BF6C-914C284D391C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B99531-DFDA-4625-B0E7-4CDF20A73DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28DAF05-7BB6-404E-8710-A61866338605",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F633E9D8-BCB2-4748-A91C-1A3D5CD1C953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:silver_fabric_activematrix_service_grid_distribution:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C115BF-EBFF-45E2-A63F-B35F1B6FE42E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to discover credentials via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El servidor de TIBCO ActiveMatrix Platform de TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid y Service Bus 3.x anteriores a 3.1.5, BusinessWorks Service Engine 5.9.x anteriores a 5.9.3, y BPM anteriores a 1.3.0 permite a atacantes remotos obtener credenciales a trav\u00e9s de vectores sin especificar."
    }
  ],
  "id": "CVE-2012-0689",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-03-13T10:55:01.103",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-0688

Vulnerability from fkie_nvd - Published: 2012-03-13 10:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:silver_fabric_activematrix_service_grid_distribution:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C115BF-EBFF-45E2-A63F-B35F1B6FE42E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B99531-DFDA-4625-B0E7-4CDF20A73DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28DAF05-7BB6-404E-8710-A61866338605",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F633E9D8-BCB2-4748-A91C-1A3D5CD1C953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FCFF9-EEFA-4098-BBAC-7D35E04D130A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BB758D-5C74-493C-ABE7-6DA289253636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3A5CE12-C8A8-4E48-BF6C-914C284D391C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5A147E2-A869-4306-94C7-D5B32333EE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8673962-517F-40F8-AA69-DB94CECD0A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FDC53F2-7AC7-490F-A1F9-55D3760D9175",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC2B9890-BE2B-46BA-9E23-306902AFC286",
              "versionEndIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C5D35B-3DA4-4829-9115-9061F725392B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C5F8D9F-C1E1-4F39-BF08-D08FC07523C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "690E5EB3-C8C4-416C-B6A8-94C1222AEC61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91468F89-DBAF-45C9-894C-851583D84BAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en TIBCO ActiveMatrix Platform de TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid y Service Bus 3.x anteriores a 3.1.5, BusinessWorks Service Engine 5.9.x anteriores a 5.9.3, y BPM anteriores a 1.3.0. Permite a usuarios remotos inyectar c\u00f3digo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2012-0688",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-03-13T10:55:01.057",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-0687

Vulnerability from fkie_nvd - Published: 2012-03-13 10:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL.
Impacted products
Vendor Product Version
tibco activematrix_service_bus 2.0.0
tibco activematrix_service_bus 2.0.1
tibco activematrix_service_bus 2.0.2
tibco activematrix_service_bus 2.1.0
tibco activematrix_service_bus 2.2.0
tibco activematrix_service_bus 2.2.1
tibco activematrix_service_bus 2.3.0
tibco activematrix_service_bus 2.3.1
tibco activematrix_service_bus 3.0.0
tibco activematrix_service_bus 3.0.1
tibco activematrix_service_grid 2.0.0
tibco activematrix_service_grid 2.0.1
tibco activematrix_service_grid 2.1.0
tibco activematrix_service_grid 2.2.0
tibco activematrix_service_grid 2.2.1
tibco activematrix_service_grid 2.3.0
tibco activematrix_service_grid 2.3.1
tibco activematrix_service_grid 2.3.2
tibco activematrix_service_grid 3.0.0
tibco activematrix_service_grid 3.0.1
tibco activematrix_service_grid 3.1.0
tibco activematrix_service_grid 3.1.2
tibco activematrix_businessworks_service_engine * (up to and including 5.8.1)
tibco activematrix_businessworks_service_engine 5.6.0
tibco activematrix_businessworks_service_engine 5.6.3
tibco activematrix_businessworks_service_engine 5.6.4
tibco activematrix_businessworks_service_engine 5.7
tibco activematrix_businessworks_service_engine 5.7.1
tibco activematrix_businessworks_service_engine 5.7.2
tibco activematrix_businessworks_service_engine 5.8
tibco activematrix_businessworks_service_engine 5.9.0
tibco activematrix_businessworks_service_engine 5.9.1
tibco activematrix_businessworks_service_engine 5.9.2
tibco silver_fabric_activematrix_service_grid_distribution 3.1.3
tibco silver_fabric_activematrix_service_grid_distribution 5.9.2
tibco activematrix_bpm * (up to and including 1.2.0)
tibco activematrix_bpm 1.0.1
tibco activematrix_bpm 1.0.2
tibco activematrix_bpm 1.1.0
tibco activematrix_bpm 1.1.1
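tibco businessevents 3.0 (enterprise edition)
tibco businessevents 3.0 (inference edition)
tibco businessevents 3.0.1 (enterprise edition)
tibco businessevents 3.0.2 (enterprise edition)
tibco businessevents 3.0.2 (inference edition)
tibco businessevents 4.0 (standard edition)
tibco businessevents 4.0.1 (standard edition)
tibco businessevents 5.0 (express edition)
tibco businessevents 5.0 (standard edition)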
tibco activematrix_businessworks * (up to and including 5.9.2)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1327844B-F7C0-4AAC-8C4B-2D636962FA05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1B1EBE-1D83-4EE7-8163-01A0DAAD57ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C8EE5C4-6925-4350-B0AA-25EA7CBAC521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB0CF9E0-98A3-4C71-88F5-6F4CFD279E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F052E8A-20B8-4A10-AE17-05A58E483AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E3F956-9FFB-4655-B70D-FC16D361222A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AF7A848-DA84-4252-BA8F-7D063050AC21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A24DBF-4091-4B99-9970-FCD54EA15BC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BB758D-5C74-493C-ABE7-6DA289253636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3A5CE12-C8A8-4E48-BF6C-914C284D391C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5033723A-C919-4A27-8FF6-52A32BCCB017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCCF420-1F20-4D02-966A-AD6289DE288A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E936C75A-CBBF-47EB-AE2A-1ACBD2F6FBE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C03217D0-B2FC-4633-BA64-C54783D1E724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8DFB0E-2566-4D9A-BDF9-0A7B3508C070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76EFABBA-ABC4-4F90-AC85-938260E653AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9694E246-B73B-4644-915F-1FEA7F1DF415",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4CEE48-3302-4138-8E61-0DA60452CFA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B99531-DFDA-4625-B0E7-4CDF20A73DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28DAF05-7BB6-404E-8710-A61866338605",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F633E9D8-BCB2-4748-A91C-1A3D5CD1C953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77FCFF9-EEFA-4098-BBAC-7D35E04D130A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DAA2448-FDC2-4B64-AFE5-BF65317DFD74",
              "versionEndIncluding": "5.8.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B6A2A1E-FF90-44BA-B97E-7CFF440BF084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79D6572-D634-4A09-A1D4-1DD199645EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A3A3AC0-5C0E-4D98-84D7-8327D116EDB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25960E5-D2F0-4C64-B9A0-4D792B90F901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E9E211C-1ADF-4E40-AFD8-0FD2816F04F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CD7625-A5ED-4D88-AFBF-450AE2E439D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B72511C0-3CDA-40F4-8C35-0B2B03D19BFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5A147E2-A869-4306-94C7-D5B32333EE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8673962-517F-40F8-AA69-DB94CECD0A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FDC53F2-7AC7-490F-A1F9-55D3760D9175",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:silver_fabric_activematrix_service_grid_distribution:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C115BF-EBFF-45E2-A63F-B35F1B6FE42E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:silver_fabric_activematrix_service_grid_distribution:5.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC473FC-B30F-41C1-AABC-86980CF2E563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC2B9890-BE2B-46BA-9E23-306902AFC286",
              "versionEndIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C5D35B-3DA4-4829-9115-9061F725392B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C5F8D9F-C1E1-4F39-BF08-D08FC07523C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "690E5EB3-C8C4-416C-B6A8-94C1222AEC61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91468F89-DBAF-45C9-894C-851583D84BAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:businessevents:3.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "A635FA7A-831D-4A70-BB12-1DD8F8CBB1B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:businessevents:3.0:*:inference:*:*:*:*:*",
              "matchCriteriaId": "D2A70B8C-1B8F-4D77-BBDE-720561D8D04E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:businessevents:3.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "1D26C307-61C7-4CE4-B6B8-52D24491DA41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:businessevents:3.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "4A365D8D-6261-4535-A811-0D8D3EB36D22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:businessevents:3.0.2:*:inference:*:*:*:*:*",
              "matchCriteriaId": "824E6C4B-5F11-4073-AE4F-6934F1D0A5CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:businessevents:4.0:*:standard:*:*:*:*:*",
              "matchCriteriaId": "24FBA4F6-E78B-4261-81C0-03C6D87A0586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:businessevents:4.0.1:*:standard:*:*:*:*:*",
              "matchCriteriaId": "EA2DF7B4-13B2-4C33-A26A-4C75D1D2C44F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:businessevents:5.0:*:express:*:*:*:*:*",
              "matchCriteriaId": "2BCA6DA4-61C5-4017-A436-292A4016D562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:businessevents:5.0:*:standard:*:*:*:*:*",
              "matchCriteriaId": "CD81DADC-39A4-4652-A1AC-20F1CCE50AD3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC861446-3E30-4776-B874-F2E3C8C49816",
              "versionEndIncluding": "5.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL."
    },
    {
      "lang": "es",
      "value": "TIBCO ActiveMatrix Runtime Platform de Service Grid y Service Bus 2.x anteriores a 2.3.2 y BusinessWorks Service Engine anteriores a 5.8.2; TIBCO ActiveMatrix Platform de TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid y Service Bus 3.x anteriores a 3.1.5, BusinessWorks Service Engine 5.9.x anteriores a 5.9.3, y BPM anteriores a 1.3.0; TIBCO BusinessEvents Runtime de Enterprise y Inference Editions 3.x anteriores a 3.0.3, Standard Edition 4.x anteriores a 4.0.2, y Standard Edition y Express 5.0.0; y TIBCO BusinessWorks Engine de TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 y ActiveMatrix BusinessWorks anteriores a 5.9.3 permiten a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de una URL modificada."
    }
  ],
  "id": "CVE-2012-0687",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-03-13T10:55:01.010",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2010-4495

Vulnerability from fkie_nvd - Published: 2010-12-17 19:00 - Updated: 2025-04-11 00:51
Summary
Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C5D35B-3DA4-4829-9115-9061F725392B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C5F8D9F-C1E1-4F39-BF08-D08FC07523C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5A147E2-A869-4306-94C7-D5B32333EE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BB758D-5C74-493C-ABE7-6DA289253636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_bus:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3A5CE12-C8A8-4E48-BF6C-914C284D391C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B99531-DFDA-4625-B0E7-4CDF20A73DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28DAF05-7BB6-404E-8710-A61866338605",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F633E9D8-BCB2-4748-A91C-1A3D5CD1C953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:silver_bpm_service:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF339B05-7165-4D1B-BB4B-DB72E7D1A0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:silver_cap_service:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E886566-E2FF-4453-8400-DEE39E3852DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en el componente Runtime ActiveMatrix de TIBCO ActiveMatrix Service Grid v3.0.0, v3.0.1 y v3.1.0; ActiveMatrix Service Bus v3.0.0 y v3.0.1; ActiveMatrix BusinessWorks Service Engine v5.9.0, v1.0.1 y ActiveMatrix BPM  v1.0.2, Silver BPM Service v1.0.1, y de Silver CAP Service v1.0.0 permite a usuarios remotos autenticados para ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con las conexiones JMX."
    }
  ],
  "id": "CVE-2010-4495",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-12-17T19:00:23.933",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42640"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/45400"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1024894"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/3241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/3241"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2019-8993 (GCVE-0-2019-8993)

Vulnerability from cvelistv5 – Published: 2019-04-24 20:20 – Updated: 2024-09-16 19:46
Summary
The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability that could theoretically allow an unauthenticated user to download a file with credentials information. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.
CWE
  • The impact of this vulnerability includes the theoretical possibility that credentials could be disclosed.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:37.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8993"
          },
          {
            "name": "108056",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108056"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Policy Director",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Bus",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Grid",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.4.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The administrative web server component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability that could theoretically allow an unauthenticated user to download a file with credentials information. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The impact of this vulnerability includes the theoretical possibility that credentials could be disclosed.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-25T08:06:02",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8993"
        },
        {
          "name": "108056",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108056"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0 or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO ActiveMatrix Policy Director versions 1.1.0 and below update to version 2.0.0 or higher. Due to the scheduled retirement of this product in early 2021, customers are strongly encouraged to contact TIBCO Support in order to explore alternative paths for remediation.\nTIBCO ActiveMatrix Service Bus versions 3.3.0 and below update to TIBCO ActiveMatrix Service Grid version 3.4.0 or higher (product functionality has been consolidated)\nTIBCO ActiveMatrix Service Grid versions 3.3.1 and below update to version 3.4.0 or higher\nTIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions 3.3.0 and below update to version 3.4.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions 1.3.1 and below update to version 1.3.2 or higher"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "TIBCO Active Matrix Service Grid Administrator Unauthenticated Download of Sensitive File",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2019-04-24T16:00:00.000Z",
          "ID": "CVE-2019-8993",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Active Matrix Service Grid Administrator Unauthenticated Download of Sensitive File"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Policy Director",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Bus",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Grid",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.4.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The administrative web server component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability that could theoretically allow an unauthenticated user to download a file with credentials information. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "The impact of this vulnerability includes the theoretical possibility that credentials could be disclosed."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories",
              "refsource": "MISC",
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8993",
              "refsource": "MISC",
              "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8993"
            },
            {
              "name": "108056",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108056"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0 or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO ActiveMatrix Policy Director versions 1.1.0 and below update to version 2.0.0 or higher. Due to the scheduled retirement of this product in early 2021, customers are strongly encouraged to contact TIBCO Support in order to explore alternative paths for remediation.\nTIBCO ActiveMatrix Service Bus versions 3.3.0 and below update to TIBCO ActiveMatrix Service Grid version 3.4.0 or higher (product functionality has been consolidated)\nTIBCO ActiveMatrix Service Grid versions 3.3.1 and below update to version 3.4.0 or higher\nTIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions 3.3.0 and below update to version 3.4.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions 1.3.1 and below update to version 1.3.2 or higher"
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2019-8993",
    "datePublished": "2019-04-24T20:20:12.457365Z",
    "dateReserved": "2019-02-21T00:00:00",
    "dateUpdated": "2024-09-16T19:46:19.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8992 (GCVE-0-2019-8992)

Vulnerability from cvelistv5 – Published: 2019-04-24 20:20 – Updated: 2024-09-17 03:23
Summary
The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives ("Upload DAA" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.
CWE
  • No CWE ID is listed in the record; its problem type is free text: The impact of this vulnerability includes the theoretical possibility that a user without privileges to upload code could execute arbitrary code on ActiveMatrix Service Grid nodes.
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:37.666Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8992"
          },
          {
            "name": "108058",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108058"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Policy Director",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Bus",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Grid",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.4.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The administrative server component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives (\"Upload DAA\" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The impact of this vulnerability includes the theoretical possibility that a user without privileges to upload code could execute arbitrary code on ActiveMatrix Service Grid nodes.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-25T08:06:02",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8992"
        },
        {
          "name": "108058",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108058"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0 or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO ActiveMatrix Policy Director versions 1.1.0 and below update to version 2.0.0 or higher. Due to the scheduled retirement of this product in early 2021, customers are strongly encouraged to contact TIBCO Support in order to explore alternative paths for remediation.\nTIBCO ActiveMatrix Service Bus versions 3.3.0 and below update to TIBCO ActiveMatrix Service Grid version 3.4.0 or higher (product functionality has been consolidated)\nTIBCO ActiveMatrix Service Grid versions 3.3.1 and below update to version 3.4.0 or higher\nTIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions 3.3.0 and below update to version 3.4.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions 1.3.1 and below update to version 1.3.2 or higher"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "TIBCO Active Matrix Service Grid Administrator Remote Code Execution",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2019-04-24T16:00:00.000Z",
          "ID": "CVE-2019-8992",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Active Matrix Service Grid Administrator Remote Code Execution"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Policy Director",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Bus",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Grid",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.4.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The administrative server component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives (\"Upload DAA\" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "The impact of this vulnerability includes the theoretical possibility that a user without privileges to upload code could execute arbitrary code on ActiveMatrix Service Grid nodes."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories",
              "refsource": "MISC",
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8992",
              "refsource": "MISC",
              "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8992"
            },
            {
              "name": "108058",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108058"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0 or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO ActiveMatrix Policy Director versions 1.1.0 and below update to version 2.0.0 or higher. Due to the scheduled retirement of this product in early 2021, customers are strongly encouraged to contact TIBCO Support in order to explore alternative paths for remediation.\nTIBCO ActiveMatrix Service Bus versions 3.3.0 and below update to TIBCO ActiveMatrix Service Grid version 3.4.0 or higher (product functionality has been consolidated)\nTIBCO ActiveMatrix Service Grid versions 3.3.1 and below update to version 3.4.0 or higher\nTIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions 3.3.0 and below update to version 3.4.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions 1.3.1 and below update to version 1.3.2 or higher"
          }
        ],
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2019-8992",
    "datePublished": "2019-04-24T20:20:12.415598Z",
    "dateReserved": "2019-02-21T00:00:00",
    "dateUpdated": "2024-09-17T03:23:24.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8995 (GCVE-0-2019-8995)

Vulnerability from cvelistv5 – Published: 2019-04-24 20:20 – Updated: 2024-09-16 23:26
Summary
The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker's choice. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.
CWE
  • No CWE ID is listed in the record; its problem type is free text: The impact of this vulnerability includes the theoretical possibility that a user could be tricked into visiting a malicious website.
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:37.646Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-8995"
          },
          {
            "name": "108062",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108062"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.4.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The workspace client, openspace client, and app development client of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker\u0027s choice. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The impact of this vulnerability includes the theoretical possibility that a user could be tricked into visiting a malicious website.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-25T10:06:02",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-8995"
        },
        {
          "name": "108062",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108062"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0 or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "TIBCO ActiveMatrix BPM Open Redirect Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2019-04-24T16:00:00.000Z",
          "ID": "CVE-2019-8995",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO ActiveMatrix BPM Open Redirect Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The workspace client, openspace client, and app development client of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker\u0027s choice. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "The impact of this vulnerability includes the theoretical possibility that a user could be tricked into visiting a malicious website."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories",
              "refsource": "MISC",
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-8995",
              "refsource": "MISC",
              "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-8995"
            },
            {
              "name": "108062",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108062"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0 or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher"
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2019-8995",
    "datePublished": "2019-04-24T20:20:12.532722Z",
    "dateReserved": "2019-02-21T00:00:00",
    "dateUpdated": "2024-09-16T23:26:17.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8991 (GCVE-0-2019-8991)

Vulnerability from cvelistv5 – Published: 2019-04-24 20:20 – Updated: 2024-09-16 18:39
Summary
The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.
[Note: the record's solution text additionally names TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric (versions 3.3.0 and below, update to 3.4.0 or higher), which appears in neither this summary nor the record's affected-product list. This may be shared advisory wording, so confirm against the vendor advisory before treating that product as out of scope.]
CWE (no CWE ID in this record; the CNA supplied a free-text problem type)
  • The impact of these vulnerabilities includes the theoretical possibility that an unprivileged remote attacker could gain full access to all the capabilities of the web interface of the TIBCO ActiveMatrix Administrator.
Assigner
Credits
TIBCO would like to extend its appreciation to Giulio Comi and Flavio Baldassi of Horizon Security for discovery of these vulnerabilities.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:37.651Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8991"
          },
          {
            "name": "108059",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108059"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Policy Director",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Bus",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Grid",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.4.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "TIBCO would like to extend its appreciation to Giulio Comi and Flavio Baldassi of Horizon Security for discovery of these vulnerabilities."
        }
      ],
      "datePublic": "2019-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The administrator web interface of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The impact of these vulnerabilities includes the theoretical possibility that an unprivileged remote attacker could gain full access to all the capabilities of the web interface of the TIBCO ActiveMatrix Administrator.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-25T10:06:02",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8991"
        },
        {
          "name": "108059",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108059"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0  or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO ActiveMatrix Policy Director versions 1.1.0 and below update to version 2.0.0 or higher. Due to the scheduled retirement of this product in early 2021, customers are strongly encouraged to contact TIBCO Support in order to explore alternative paths for remediation.\nTIBCO ActiveMatrix Service Bus versions 3.3.0 and below update to TIBCO ActiveMatrix Service Grid version 3.4.0 or higher (product functionality has been consolidated)\nTIBCO ActiveMatrix Service Grid versions 3.3.1 and below update to version 3.4.0 or higher\nTIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions 3.3.0 and below update to version 3.4.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions 1.3.1 and below update to version 1.3.2 or higher"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "TIBCO Active Matrix Service Grid Administrator With Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2019-04-24T16:00:00.000Z",
          "ID": "CVE-2019-8991",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Active Matrix Service Grid Administrator With Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Policy Director",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Bus",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Grid",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.4.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "TIBCO would like to extend its appreciation to Giulio Comi and Flavio Baldassi of Horizon Security for discovery of these vulnerabilities."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The administrator web interface of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "The impact of these vulnerabilities includes the theoretical possibility that an unprivileged remote attacker could gain full access to all the capabilities of the web interface of the TIBCO ActiveMatrix Administrator."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories",
              "refsource": "MISC",
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8991",
              "refsource": "MISC",
              "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8991"
            },
            {
              "name": "108059",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108059"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0  or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO ActiveMatrix Policy Director versions 1.1.0 and below update to version 2.0.0 or higher. Due to the scheduled retirement of this product in early 2021, customers are strongly encouraged to contact TIBCO Support in order to explore alternative paths for remediation.\nTIBCO ActiveMatrix Service Bus versions 3.3.0 and below update to TIBCO ActiveMatrix Service Grid version 3.4.0 or higher (product functionality has been consolidated)\nTIBCO ActiveMatrix Service Grid versions 3.3.1 and below update to version 3.4.0 or higher\nTIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions 3.3.0 and below update to version 3.4.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions 1.3.1 and below update to version 1.3.2 or higher"
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2019-8991",
    "datePublished": "2019-04-24T20:20:12.373688Z",
    "dateReserved": "2019-02-21T00:00:00",
    "dateUpdated": "2024-09-16T18:39:49.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0689 (GCVE-0-2012-0689)

Vulnerability from cvelistv5 – Published: 2012-03-13 10:00 – Updated: 2024-09-16 16:18
Summary
The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to discover credentials via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:30:53.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to discover credentials via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-03-13T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-0689",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to discover credentials via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
            },
            {
              "name": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-0689",
    "datePublished": "2012-03-13T10:00:00Z",
    "dateReserved": "2012-01-12T00:00:00Z",
    "dateUpdated": "2024-09-16T16:18:59.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0687 (GCVE-0-2012-0687)

Vulnerability from cvelistv5 – Published: 2012-03-13 10:00 – Updated: 2024-09-16 18:55
Summary
TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:30:53.999Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-03-13T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-0687",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
            },
            {
              "name": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
            },
            {
              "name": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
            },
            {
              "name": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
            },
            {
              "name": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-0687",
    "datePublished": "2012-03-13T10:00:00Z",
    "dateReserved": "2012-01-12T00:00:00Z",
    "dateUpdated": "2024-09-16T18:55:51.174Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0688 (GCVE-0-2012-0688)

Vulnerability from cvelistv5 – Published: 2012-03-13 10:00 – Updated: 2024-09-17 03:54
Summary
Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:30:53.800Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-03-13T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-0688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
            },
            {
              "name": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-0688",
    "datePublished": "2012-03-13T10:00:00Z",
    "dateReserved": "2012-01-12T00:00:00Z",
    "dateUpdated": "2024-09-17T03:54:21.490Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-4495 (GCVE-0-2010-4495)

Vulnerability from cvelistv5 – Published: 2010-12-17 18:00 – Updated: 2024-09-16 23:51
Summary
Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/42640 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/3241 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/45400 vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1024894 vdb-entry, x_refsource_SECTRACK
http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt x_refsource_CONFIRM

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:51:16.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42640"
          },
          {
            "name": "ADV-2010-3241",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3241"
          },
          {
            "name": "45400",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45400"
          },
          {
            "name": "1024894",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024894"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-12-17T18:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "42640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42640"
        },
        {
          "name": "ADV-2010-3241",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3241"
        },
        {
          "name": "45400",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45400"
        },
        {
          "name": "1024894",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024894"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4495",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42640",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42640"
            },
            {
              "name": "ADV-2010-3241",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3241"
            },
            {
              "name": "45400",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45400"
            },
            {
              "name": "1024894",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024894"
            },
            {
              "name": "http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4495",
    "datePublished": "2010-12-17T18:00:00Z",
    "dateReserved": "2010-12-07T00:00:00Z",
    "dateUpdated": "2024-09-16T23:51:27.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8993 (GCVE-0-2019-8993)

Vulnerability from nvd – Published: 2019-04-24 20:20 – Updated: 2024-09-16 19:46
Summary
The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability that could theoretically allow an unauthenticated user to download a file with credentials information. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.
CWE
  • No CWE identifier is assigned; the CNA's free-text problem type reads: The impact of this vulnerability includes the theoretical possibility that credentials could be disclosed.
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:37.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8993"
          },
          {
            "name": "108056",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108056"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Policy Director",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Bus",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Grid",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.4.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The administrative web server component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability that could theoretically allow an unauthenticated user to download a file with credentials information. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The impact of this vulnerability includes the theoretical possibility that credentials could be disclosed.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-25T08:06:02",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8993"
        },
        {
          "name": "108056",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108056"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0 or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO ActiveMatrix Policy Director versions 1.1.0 and below update to version 2.0.0 or higher. Due to the scheduled retirement of this product in early 2021, customers are strongly encouraged to contact TIBCO Support in order to explore alternative paths for remediation.\nTIBCO ActiveMatrix Service Bus versions 3.3.0 and below update to TIBCO ActiveMatrix Service Grid version 3.4.0 or higher (product functionality has been consolidated)\nTIBCO ActiveMatrix Service Grid versions 3.3.1 and below update to version 3.4.0 or higher\nTIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions 3.3.0 and below update to version 3.4.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions 1.3.1 and below update to version 1.3.2 or higher"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "TIBCO Active Matrix Service Grid Administrator Unauthenticated Download of Sensitive File",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2019-04-24T16:00:00.000Z",
          "ID": "CVE-2019-8993",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Active Matrix Service Grid Administrator Unauthenticated Download of Sensitive File"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Policy Director",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Bus",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Grid",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.4.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The administrative web server component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability that could theoretically allow an unauthenticated user to download a file with credentials information. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "The impact of this vulnerability includes the theoretical possibility that credentials could be disclosed."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories",
              "refsource": "MISC",
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8993",
              "refsource": "MISC",
              "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8993"
            },
            {
              "name": "108056",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108056"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0 or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO ActiveMatrix Policy Director versions 1.1.0 and below update to version 2.0.0 or higher. Due to the scheduled retirement of this product in early 2021, customers are strongly encouraged to contact TIBCO Support in order to explore alternative paths for remediation.\nTIBCO ActiveMatrix Service Bus versions 3.3.0 and below update to TIBCO ActiveMatrix Service Grid version 3.4.0 or higher (product functionality has been consolidated)\nTIBCO ActiveMatrix Service Grid versions 3.3.1 and below update to version 3.4.0 or higher\nTIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions 3.3.0 and below update to version 3.4.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions 1.3.1 and below update to version 1.3.2 or higher"
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2019-8993",
    "datePublished": "2019-04-24T20:20:12.457365Z",
    "dateReserved": "2019-02-21T00:00:00",
    "dateUpdated": "2024-09-16T19:46:19.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8992 (GCVE-0-2019-8992)

Vulnerability from nvd – Published: 2019-04-24 20:20 – Updated: 2024-09-17 03:23
Summary
The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives ("Upload DAA" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.
CWE (no CWE ID is assigned in this record; the entry below is the CNA's free-text problem type)
  • The impact of this vulnerability includes the theoretical possibility that a user without privileges to upload code could execute arbitrary code on ActiveMatrix Service Grid nodes.
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:37.666Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8992"
          },
          {
            "name": "108058",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108058"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Policy Director",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Bus",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Grid",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.4.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The administrative server component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives (\"Upload DAA\" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The impact of this vulnerability includes the theoretical possibility that a user without privileges to upload code could execute arbitrary code on ActiveMatrix Service Grid nodes.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-25T08:06:02",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8992"
        },
        {
          "name": "108058",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108058"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0 or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO ActiveMatrix Policy Director versions 1.1.0 and below update to version 2.0.0 or higher. Due to the scheduled retirement of this product in early 2021, customers are strongly encouraged to contact TIBCO Support in order to explore alternative paths for remediation.\nTIBCO ActiveMatrix Service Bus versions 3.3.0 and below update to TIBCO ActiveMatrix Service Grid version 3.4.0 or higher (product functionality has been consolidated)\nTIBCO ActiveMatrix Service Grid versions 3.3.1 and below update to version 3.4.0 or higher\nTIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions 3.3.0 and below update to version 3.4.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions 1.3.1 and below update to version 1.3.2 or higher"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "TIBCO Active Matrix Service Grid Administrator Remote Code Execution",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2019-04-24T16:00:00.000Z",
          "ID": "CVE-2019-8992",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Active Matrix Service Grid Administrator Remote Code Execution"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Policy Director",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Bus",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Grid",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.4.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The administrative server component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives (\"Upload DAA\" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "The impact of this vulnerability includes the theoretical possibility that a user without privileges to upload code could execute arbitrary code on ActiveMatrix Service Grid nodes."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories",
              "refsource": "MISC",
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8992",
              "refsource": "MISC",
              "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8992"
            },
            {
              "name": "108058",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108058"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0 or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO ActiveMatrix Policy Director versions 1.1.0 and below update to version 2.0.0 or higher. Due to the scheduled retirement of this product in early 2021, customers are strongly encouraged to contact TIBCO Support in order to explore alternative paths for remediation.\nTIBCO ActiveMatrix Service Bus versions 3.3.0 and below update to TIBCO ActiveMatrix Service Grid version 3.4.0 or higher (product functionality has been consolidated)\nTIBCO ActiveMatrix Service Grid versions 3.3.1 and below update to version 3.4.0 or higher\nTIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions 3.3.0 and below update to version 3.4.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions 1.3.1 and below update to version 1.3.2 or higher"
          }
        ],
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2019-8992",
    "datePublished": "2019-04-24T20:20:12.415598Z",
    "dateReserved": "2019-02-21T00:00:00",
    "dateUpdated": "2024-09-17T03:23:24.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8995 (GCVE-0-2019-8995)

Vulnerability from nvd – Published: 2019-04-24 20:20 – Updated: 2024-09-16 23:26
Summary
The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker's choice. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.
CWE (no CWE ID is assigned in the CNA record; the entry below is the CNA's free-text problem type)
  • The impact of this vulnerability includes the theoretical possibility that a user could be tricked into visiting a malicious website.
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:37.646Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-8995"
          },
          {
            "name": "108062",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108062"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.4.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The workspace client, openspace client, and app development client of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker\u0027s choice. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The impact of this vulnerability includes the theoretical possibility that a user could be tricked into visiting a malicious website.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-25T10:06:02",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-8995"
        },
        {
          "name": "108062",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108062"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0 or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "TIBCO ActiveMatrix BPM Open Redirect Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2019-04-24T16:00:00.000Z",
          "ID": "CVE-2019-8995",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO ActiveMatrix BPM Open Redirect Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The workspace client, openspace client, and app development client of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker\u0027s choice. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "The impact of this vulnerability includes the theoretical possibility that a user could be tricked into visiting a malicious website."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories",
              "refsource": "MISC",
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-8995",
              "refsource": "MISC",
              "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-8995"
            },
            {
              "name": "108062",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108062"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0 or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher"
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2019-8995",
    "datePublished": "2019-04-24T20:20:12.532722Z",
    "dateReserved": "2019-02-21T00:00:00",
    "dateUpdated": "2024-09-16T23:26:17.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-8991 (GCVE-0-2019-8991)

Vulnerability from nvd – Published: 2019-04-24 20:20 – Updated: 2024-09-16 18:39
Summary
The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.
CWE
  • No CWE ID is assigned in this record; the CNA's free-text problem type reads: The impact of these vulnerabilities includes the theoretical possibility that an unprivileged remote attacker could gain full access to all the capabilities of the web interface of the TIBCO ActiveMatrix Administrator.
Assigner
Credits
TIBCO would like to extend its appreciation to Giulio Comi and Flavio Baldassi of Horizon Security for discovery of these vulnerabilities.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:37.651Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8991"
          },
          {
            "name": "108059",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108059"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Policy Director",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Bus",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO ActiveMatrix Service Grid",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "3.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.4.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "TIBCO would like to extend its appreciation to Giulio Comi and Flavio Baldassi of Horizon Security for discovery of these vulnerabilities."
        }
      ],
      "datePublic": "2019-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The administrator web interface of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The impact of these vulnerabilities includes the theoretical possibility that an unprivileged remote attacker could gain full access to all the capabilities of the web interface of the TIBCO ActiveMatrix Administrator.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-25T10:06:02",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8991"
        },
        {
          "name": "108059",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108059"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0  or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO ActiveMatrix Policy Director versions 1.1.0 and below update to version 2.0.0 or higher. Due to the scheduled retirement of this product in early 2021, customers are strongly encouraged to contact TIBCO Support in order to explore alternative paths for remediation.\nTIBCO ActiveMatrix Service Bus versions 3.3.0 and below update to TIBCO ActiveMatrix Service Grid version 3.4.0 or higher (product functionality has been consolidated)\nTIBCO ActiveMatrix Service Grid versions 3.3.1 and below update to version 3.4.0 or higher\nTIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions 3.3.0 and below update to version 3.4.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions 1.3.1 and below update to version 1.3.2 or higher"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "TIBCO Active Matrix Service Grid Administrator With Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2019-04-24T16:00:00.000Z",
          "ID": "CVE-2019-8991",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Active Matrix Service Grid Administrator With Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "4.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Policy Director",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Bus",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO ActiveMatrix Service Grid",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "3.3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Silver Fabric Enabler for ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.4.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "1.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "TIBCO would like to extend its appreciation to Giulio Comi and Flavio Baldassi of Horizon Security for discovery of these vulnerabilities."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The administrator web interface of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "The impact of these vulnerabilities includes the theoretical possibility that an unprivileged remote attacker could gain full access to all the capabilities of the web interface of the TIBCO ActiveMatrix Administrator."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories",
              "refsource": "MISC",
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8991",
              "refsource": "MISC",
              "url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8991"
            },
            {
              "name": "108059",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108059"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0  or higher\nTIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher\nTIBCO ActiveMatrix Policy Director versions 1.1.0 and below update to version 2.0.0 or higher. Due to the scheduled retirement of this product in early 2021, customers are strongly encouraged to contact TIBCO Support in order to explore alternative paths for remediation.\nTIBCO ActiveMatrix Service Bus versions 3.3.0 and below update to TIBCO ActiveMatrix Service Grid version 3.4.0 or higher (product functionality has been consolidated)\nTIBCO ActiveMatrix Service Grid versions 3.3.1 and below update to version 3.4.0 or higher\nTIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions 3.3.0 and below update to version 3.4.0 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher\nTIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions 1.3.1 and below update to version 1.3.2 or higher"
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2019-8991",
    "datePublished": "2019-04-24T20:20:12.373688Z",
    "dateReserved": "2019-02-21T00:00:00",
    "dateUpdated": "2024-09-16T18:39:49.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0689 (GCVE-0-2012-0689)

Vulnerability from nvd – Published: 2012-03-13 10:00 – Updated: 2024-09-16 16:18
Summary
The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to discover credentials via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:30:53.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to discover credentials via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-03-13T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-0689",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to discover credentials via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
            },
            {
              "name": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-0689",
    "datePublished": "2012-03-13T10:00:00Z",
    "dateReserved": "2012-01-12T00:00:00Z",
    "dateUpdated": "2024-09-16T16:18:59.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0687 (GCVE-0-2012-0687)

Vulnerability from nvd – Published: 2012-03-13 10:00 – Updated: 2024-09-16 18:55
Summary
TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:30:53.999Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-03-13T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-0687",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
            },
            {
              "name": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
            },
            {
              "name": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
            },
            {
              "name": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
            },
            {
              "name": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-0687",
    "datePublished": "2012-03-13T10:00:00Z",
    "dateReserved": "2012-01-12T00:00:00Z",
    "dateUpdated": "2024-09-16T18:55:51.174Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0688 (GCVE-0-2012-0688)

Vulnerability from nvd – Published: 2012-03-13 10:00 – Updated: 2024-09-17 03:54
Summary
Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:30:53.800Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-03-13T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-0688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
            },
            {
              "name": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-0688",
    "datePublished": "2012-03-13T10:00:00Z",
    "dateReserved": "2012-01-12T00:00:00Z",
    "dateUpdated": "2024-09-17T03:54:21.490Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-4495 (GCVE-0-2010-4495)

Vulnerability from nvd – Published: 2010-12-17 18:00 – Updated: 2024-09-16 23:51
Summary
Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/42640 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/3241 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/45400 vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1024894 vdb-entry, x_refsource_SECTRACK
http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt x_refsource_CONFIRM

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:51:16.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42640"
          },
          {
            "name": "ADV-2010-3241",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3241"
          },
          {
            "name": "45400",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45400"
          },
          {
            "name": "1024894",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024894"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-12-17T18:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "42640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42640"
        },
        {
          "name": "ADV-2010-3241",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3241"
        },
        {
          "name": "45400",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45400"
        },
        {
          "name": "1024894",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024894"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4495",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42640",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42640"
            },
            {
              "name": "ADV-2010-3241",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3241"
            },
            {
              "name": "45400",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45400"
            },
            {
              "name": "1024894",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024894"
            },
            {
              "name": "http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4495",
    "datePublished": "2010-12-17T18:00:00Z",
    "dateReserved": "2010-12-07T00:00:00Z",
    "dateUpdated": "2024-09-16T23:51:27.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}