FKIE_CVE-2010-0184

Vulnerability from fkie_nvd - Published: 2010-01-14 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors.
References
cve@mitre.orghttp://secunia.com/advisories/38191Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/37805
cve@mitre.orghttp://www.tibco.com/mk/advisory.jspVendor Advisory
cve@mitre.orghttp://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/0128Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38191Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37805
af854a3a-2127-422b-91ae-364da2661108http://www.tibco.com/mk/advisory.jspVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0128Vendor Advisory
Impacted products
Vendor Product Version
tibco runtime_agent *
tibco runtime_agent 5.4.0
tibco runtime_agent 5.5.3
tibco runtime_agent 5.5.4
tibco runtime_agent 5.6
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:runtime_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB0D5A21-4A21-4DFF-9549-109039252387",
              "versionEndIncluding": "5.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:runtime_agent:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A6C4A47-FBEF-4171-9C97-FFAD45ACB263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:runtime_agent:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "19E9CA44-31F3-48B2-834A-36F792A71761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:runtime_agent:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A60DB3FE-F502-4A8E-A669-3837109A2211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:runtime_agent:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE75BE6-19FE-442D-80C1-87003D62786C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Los componentes (1)domainutility y (2)domainutilitycmd en TIBCO Domain Utility en TIBCO Runtime Agent (TRA) anterior a v5.6.2, usado en TIBCO ActiveMatrix BusinessWorks y otros productos, establece permisos d\u00e9biles sobre los archivos de propiedades del dominio, lo que permite a usuarios locales, obtener credenciales de administrador, y obtener privilegios sobre todos lo sistemas, a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2010-0184",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-14T19:30:00.483",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38191"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37805"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/mk/advisory.jsp"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/mk/advisory.jsp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0128"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.