Description
The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/44254
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41891
Patch, Vendor Advisory x_refsource_confirm
http://www.tibco.com/services/support/advisories/activematrix-advisory_20101019.jsp
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2747
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62674
Vendor Advisory x_refsource_confirm
http://www.tibco.com/multimedia/activematrix_advisory_tcm8-12488.txt
Scores
EPSS
0.0476
EPSS Percentile
89.6%
Details
CWE
CWE-20
Status
published
Products (4)
tibco/activematrix_businessworks_service_engine
< 5.8.0
tibco/activematrix_service_bus
< 2.3.0
tibco/activematrix_service_grid
< 2.3.0
tibco/activematrix_service_performance_manager
< 1.3.1
Published
Oct 26, 2010
Tracked Since
Feb 18, 2026