Security Advisory for TIBCO ActiveMatrix® Policy Agent and TIBCO ActiveMatrix® Policy Manager

Article ID: KB0108181

Updated On:

Products Versions
TIBCO ActiveMatrix Policy Agent -
TIBCO ActiveMatrix Management Agent for WCF -
TIBCO ActiveMatrix Management Agent for WebSphere -

Description

TIBCO ActiveMatrix Policy Manager/Agent vulnerabilities

 Original release date: February 18, 2015
 Last revised: --
 Source: TIBCO Software Inc.

Systems Affected

  •  TIBCO ActiveMatrix Policy Agent 3.0.0, 3.1.0, 3.1.1
  •  TIBCO ActiveMatrix Policy Manager 3.0.0, 3.1.0, 3.1.1
  •  TIBCO ActiveMatrix Management Agent for WCF 1.0.0, 1.1.0, 1.2.0
  •  TIBCO ActiveMatrix Management Agent for WebSphere 1.0.0, 1.1.0, 1.2.0

 The following components are affected:
  • TIBCO Policy Manager Authentication Module

Description
  The TIBCO Policy components listed above contain a critical vulnerability that could allow privilege escalation. TIBCO has released updated versions of the affected software products that address these issues. TIBCO strongly recommends that sites running the affected components install the applicable update as described below.

Impact
  The impact of this vulnerability may include unprivileged information disclosure.
  • CVSS v2 Base Score: 3.5 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Solution
 For each affected system, update to the corresponding software versions:
  •  TIBCO ActiveMatrix Policy Agent 3.1.2 or higher
  •  TIBCO ActiveMatrix Policy Manager 3.1.2 or higher
  •  TIBCO ActiveMatrix Management Agent for WCF 1.2.1 or higher
  •  TIBCO ActiveMatrix Management Agent for WebSphere 1.2.1 or higher

References
 http://www.tibco.com/mk/advisory.jsp
 CVE: CVE-2014-5286

Environment

Product: TIBCO ActiveMatrix Policy Agent
Version: 3.0.0, 3.1.0, 3.1.1
OS: All Supported Operating Systems
--------------------
Product: TIBCO ActiveMatrix Policy Manager
Version: 3.0.0, 3.1.0, 3.1.1
OS: All Supported Operating Systems
--------------------
Product: TIBCO ActiveMatrix Management Agent for WCF
Version: 1.0.0, 1.1.0, 1.2.0
OS: All Supported Operating Systems
--------------------
Product: TIBCO ActiveMatrix Management Agent for WebSphere
Version: 1.0.0, 1.1.0, 1.2.0
OS: All Supported Operating Systems
--------------------

Issue/Introduction

Security Advisory for TIBCO ActiveMatrix® Policy Agent and TIBCO ActiveMatrix® Policy Manager

Additional Information

 http://www.tibco.com/mk/advisory.jsp
 CVE: CVE-2014-5286