CVE-2010-4496

critical

Description

Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/64520

http://www.vupen.com/english/advisories/2011/0037

http://www.tibco.com/services/support/advisories/cim-advisory_20100105.jsp

http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt

http://www.securitytracker.com/id?1024942

http://www.securityfocus.com/bid/45691

http://secunia.com/advisories/42791

http://osvdb.org/70371

Details

Source: Mitre, NVD

Published: 2011-01-07

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00836