fkie_cve-2010-0184
Vulnerability from fkie_nvd
Published
2010-01-14 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors.
References
cve@mitre.orghttp://secunia.com/advisories/38191Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/37805
cve@mitre.orghttp://www.tibco.com/mk/advisory.jspVendor Advisory
cve@mitre.orghttp://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/0128Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38191Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37805
af854a3a-2127-422b-91ae-364da2661108http://www.tibco.com/mk/advisory.jspVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0128Vendor Advisory
Impacted products
Vendor Product Version
tibco runtime_agent *
tibco runtime_agent 5.4.0
tibco runtime_agent 5.5.3
tibco runtime_agent 5.5.4
tibco runtime_agent 5.6


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tibco:runtime_agent:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB0D5A21-4A21-4DFF-9549-109039252387",
                     versionEndIncluding: "5.6.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:tibco:runtime_agent:5.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A6C4A47-FBEF-4171-9C97-FFAD45ACB263",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:tibco:runtime_agent:5.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "19E9CA44-31F3-48B2-834A-36F792A71761",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:tibco:runtime_agent:5.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A60DB3FE-F502-4A8E-A669-3837109A2211",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:tibco:runtime_agent:5.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCE75BE6-19FE-442D-80C1-87003D62786C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Los componentes (1)domainutility y (2)domainutilitycmd en TIBCO Domain Utility en TIBCO Runtime Agent (TRA) anterior a v5.6.2, usado en TIBCO ActiveMatrix BusinessWorks y otros productos, establece permisos débiles sobre los archivos de propiedades del dominio, lo que permite a usuarios locales, obtener credenciales de administrador, y obtener privilegios sobre todos lo sistemas, a través de vectores no especificados.",
      },
   ],
   id: "CVE-2010-0184",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-01-14T19:30:00.483",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/38191",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/37805",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.tibco.com/mk/advisory.jsp",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0128",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/38191",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/37805",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.tibco.com/mk/advisory.jsp",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/0128",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.