CVE-2010-0184

{"id": "CVE-2010-0184", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-01-14T19:30:00.483", "references": [{"url": "http://secunia.com/advisories/38191", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/37805", "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/mk/advisory.jsp", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0128", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors."}, {"lang": "es", "value": "Los componentes (1)domainutility y (2)domainutilitycmd en TIBCO Domain Utility en TIBCO Runtime Agent (TRA) anterior a v5.6.2, usado en TIBCO ActiveMatrix BusinessWorks y otros productos, establece permisos d\u00e9biles sobre los archivos de propiedades del dominio, lo que permite a usuarios locales, obtener credenciales de administrador, y obtener privilegios sobre todos lo sistemas, a trav\u00e9s de vectores no especificados."}], "lastModified": "2011-08-08T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:runtime_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB0D5A21-4A21-4DFF-9549-109039252387", "versionEndIncluding": "5.6.1"}, {"criteria": "cpe:2.3:a:tibco:runtime_agent:5.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A6C4A47-FBEF-4171-9C97-FFAD45ACB263"}, {"criteria": "cpe:2.3:a:tibco:runtime_agent:5.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19E9CA44-31F3-48B2-834A-36F792A71761"}, {"criteria": "cpe:2.3:a:tibco:runtime_agent:5.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A60DB3FE-F502-4A8E-A669-3837109A2211"}, {"criteria": "cpe:2.3:a:tibco:runtime_agent:5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCE75BE6-19FE-442D-80C1-87003D62786C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}