Moderate

CVE-2014-5286 - Permissions, Privileges, and Access Control vulnerability in Tibco Activematrix Management Agent/Policy Agent/Policy Manager

Publication: 2015-02-19
Summary

The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers to gain privileges and obtain sensitive information via unspecified vectors.

Classification
CWE-264: Permissions, Privileges, and Access Control

Risk level (CVSS 6.4)

Moderate

6.4

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Tibco Activematrix Management Agent 1.0.0
  • Tibco Activematrix Management Agent 1.0.0
  • Tibco Activematrix Management Agent 1.1.0
  • Tibco Activematrix Management Agent 1.1.0
  • Tibco Activematrix Management Agent 1.2.0
  • Tibco Activematrix Management Agent 1.2.0
  • Tibco Activematrix Policy Agent 3.0.0
  • Tibco Activematrix Policy Manager 3.0.0
  • Tibco Activematrix Policy Agent 3.1.0
  • Tibco Activematrix Policy Manager 3.1.0
  • Tibco Activematrix Policy Agent 3.1.1
  • Tibco Activematrix Policy Manager 3.1.1