TIBCO ActiveMatrix Service Grid, Service Bus, BusinessWorks Service Engine, and Service Performance Manager contain a flaw related to the ActiveMatrix Runtime and ActiveMatrix Administrator components failing to properly handle JMX connections. This may be exploited by a remote attacker to execute arbitrary code.

Upgrade to TIBCO ActiveMatrix Service Grid 2.3.1, TIBCO ActiveMatrix Service Bus 2.3.1, TIBCO ActiveMatrix BusinessWorks Service Engine 5.8.1, TIBCO ActiveMatrix Service Performance Manager 1.3.2, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• CVE ID: 2010-3491 (see also: NVD)
• Secunia Advisory ID: 41891
• Bugtraq ID: 44254
• ISS X-Force ID: 62674
• VUPEN Advisory: ADV-2010-2747
• Vendor Specific Advisory URL: http://www.tibco.com/multimedia/activematrix_advisory_tcm8-12488.txt
  http://www.tibco.com/services/support/advisories/activematrix-advisory_20101019.jsp

• Not Available