CVE-2010-4496 - OpenCVE

Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Tibco	Collaborative Information Manager Activecatalog

Configuration 1 [-]

OR	cpe:2.3:a:tibco:activecatalog::::::::
	cpe:2.3:a:tibco:collaborative_information_manager::::::::

References

Link	Resource
http://osvdb.org/70371
http://secunia.com/advisories/42791	Vendor Advisory
http://www.securityfocus.com/bid/45691
http://www.securitytracker.com/id?1024942
http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt	Vendor Advisory
http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0037	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/64520

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2011-01-07T18:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2010-12-07T00:00:00

Link: CVE-2010-4496

JSON object: View

NVD Information

Status : Modified

Published: 2011-01-07T19:00:18.233

Modified: 2017-08-17T01:33:13.930

Link: CVE-2010-4496

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "45691", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45691"}, {"name": "70371", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/70371"}, {"name": "42791", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42791"}, {"name": "ADV-2011-0037", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0037"}, {"name": "tibco-unspecified-sql-injection(64520)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64520"}, {"name": "1024942", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024942"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4496", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "45691", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45691"}, {"name": "70371", "refsource": "OSVDB", "url": "http://osvdb.org/70371"}, {"name": "42791", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42791"}, {"name": "ADV-2011-0037", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0037"}, {"name": "tibco-unspecified-sql-injection(64520)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64520"}, {"name": "1024942", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024942"}, {"name": "http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp", "refsource": "CONFIRM", "url": "http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp"}, {"name": "http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt", "refsource": "CONFIRM", "url": "http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4496", "datePublished": "2011-01-07T18:00:00", "dateReserved": "2010-12-07T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:activecatalog:*:*:*:*:*:*:*:*", "matchCriteriaId": "B74F110D-E53A-4712-8C85-C7D192056BF4", "versionEndIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:collaborative_information_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BEC429E-5352-45F6-8BFF-7287A8D4738B", "versionEndIncluding": "8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Collaborative Information Manager, como el que se usa en TIBCO Collaborative Information Manager anteriores a v8.1.0 y ActiveCatalog anteriores a 1.0.1, permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."}], "evaluatorSolution": "Per: http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp\r\n\r\n'Customers with current maintenance can obtain product updates through their TIBCO fulfillment channels.'", "id": "CVE-2010-4496", "lastModified": "2017-08-17T01:33:13.930", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-01-07T19:00:18.233", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/70371"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42791"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/45691"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1024942"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0037"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64520"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}