CVE-2010-4499

{"id": "CVE-2010-4499", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-01-07T19:00:18.657", "references": [{"url": "http://osvdb.org/70374", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/42791", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/45691", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1024942", "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/0037", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64523", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to hijack web sessions via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en el servidor Collaborative Information Manager, como el usado den TIBCO Collaborative Informaci\u00f3n Manager anteriores a v8.1.0 y ActiveCatalog anteriores a v1.0.1 permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de vectores sin expecificar. \r\n"}], "lastModified": "2017-08-17T01:33:14.103", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:activecatalog:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B74F110D-E53A-4712-8C85-C7D192056BF4", "versionEndIncluding": "1.0"}, {"criteria": "cpe:2.3:a:tibco:collaborative_information_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BEC429E-5352-45F6-8BFF-7287A8D4738B", "versionEndIncluding": "8.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}