TIBCO ActiveMatrix Products Unspecified Credentials Information Disclosure Vulnerability

Bugtraq ID:	52383
Class:	Design Error
CVE:	CVE-2012-0689
Remote:	Yes
Local:	No
Published:	Mar 09 2012 12:00AM
Updated:	Mar 09 2012 12:00AM
Credit:	TIBCO
Vulnerable:	TIBCO Silver Fabric ActiveMatrix Service Grid 3.1.3 TIBCO ActiveMatrix Service Grid 3.1.1 TIBCO ActiveMatrix Service Grid 3.1 TIBCO ActiveMatrix Service Grid 3.0.2 TIBCO ActiveMatrix Service Grid 3.0.1 TIBCO ActiveMatrix Service Grid 3.0.1 TIBCO ActiveMatrix Service Grid 3.0 TIBCO ActiveMatrix BusinessWorks Service Engine 5.9.1 TIBCO ActiveMatrix BusinessWorks Service Engine 5.9 TIBCO ActiveMatrix BPM 1.0.3 TIBCO ActiveMatrix BPM 1.0.2
Not Vulnerable:	TIBCO Silver Fabric ActiveMatrix Service Grid 3.1.5 TIBCO ActiveMatrix Service Grid 3.1.5 TIBCO ActiveMatrix BusinessWorks Service Engine 5.9.3 TIBCO ActiveMatrix BPM 1.3

TIBCO ActiveMatrix Products Unspecified Credentials Information Disclosure Vulnerability

TIBCO ActiveMatrix products are prone to an unspecified information-disclosure vulnerability that may expose credential information to clients.

Successful exploits will allow unauthenticated attackers to obtain sensitive information that may aid in further attacks.

The following products are affected:

TIBCO ActiveMatrix Service Grid version 3.X below 3.1.5
TIBCO ActiveMatrix Service Bus version 3.X below 3.1.5
TIBCO ActiveMatrix BusinessWorks Service Engine version 5.9.X below 5.9.3
TIBCO ActiveMatrix BPM below 1.3.0
TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3

TIBCO ActiveMatrix Products Unspecified Credentials Information Disclosure Vulnerability

Attackers can exploit this issue through a browser.

TIBCO ActiveMatrix Products Unspecified Credentials Information Disclosure Vulnerability

References:

• TIBCO ActiveMatrix Products Vulnerabilities (TIBCO)
  
• TIBCO Homepage (TIBCO)
  
• TIBCO Products Vulnerabilities (TIBCO)