CVE-2010-4496

{"id": "CVE-2010-4496", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-01-07T19:00:18.233", "references": [{"url": "http://osvdb.org/70371", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/42791", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/45691", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1024942", "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/0037", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64520", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Collaborative Information Manager, como el que se usa en TIBCO Collaborative Information Manager anteriores a v8.1.0 y ActiveCatalog anteriores a 1.0.1, permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-08-17T01:33:13.930", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:activecatalog:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B74F110D-E53A-4712-8C85-C7D192056BF4", "versionEndIncluding": "1.0"}, {"criteria": "cpe:2.3:a:tibco:collaborative_information_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BEC429E-5352-45F6-8BFF-7287A8D4738B", "versionEndIncluding": "8.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "Per: http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp\r\n\r\n'Customers with current maintenance can obtain product updates through their TIBCO fulfillment channels.'"}