Vulnerabilities > CVE-2010-4498 - Input Validation vulnerability in TIBCO

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

tibco

NVD

Published: 2011-01-07

Updated: 2017-08-17

Summary

Unspecified vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. Per: http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp 'Customers with current maintenance can obtain product updates through their TIBCO fulfillment channels.'

Vulnerable Configurations

Part	Description	Count
Application	Tibco Tibco Activecatalog * Tibco Collaborative Information Manager *	2

References

http://osvdb.org/70373
http://secunia.com/advisories/42791
http://www.securityfocus.com/bid/45691
http://www.securitytracker.com/id?1024942
http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt
http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp
http://www.vupen.com/english/advisories/2011/0037
https://exchange.xforce.ibmcloud.com/vulnerabilities/64522