Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for enterprise_message_service by tibco

    CVE-2021-28822 (GCVE-0-2021-28822)

    Vulnerability from nvd – Published: 2021-03-23 20:15 – Updated: 2024-09-17 03:47
    VLAI
    Title
    TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability
    Summary
    The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.
    CWE
    • The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
    Assigner
    References
    Date Public
    2021-03-23 00:00
    Credits
    TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:55:11.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO Enterprise Message Service",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "8.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "TIBCO Enterprise Message Service - Community Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "8.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "TIBCO Enterprise Message Service - Developer Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "8.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-23T20:15:24.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/services/support/advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.5.1 and below update to version 8.6.0 or higher"
            }
          ],
          "source": {
            "discovery": "Will Dormann of CERT/CC"
          },
          "title": "TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2021-03-23T17:00:00Z",
              "ID": "CVE-2021-28822",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO Enterprise Message Service",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO Enterprise Message Service - Community Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO Enterprise Message Service - Developer Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/services/support/advisories"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.5.1 and below update to version 8.6.0 or higher"
              }
            ],
            "source": {
              "discovery": "Will Dormann of CERT/CC"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2021-28822",
        "datePublished": "2021-03-23T20:15:24.857Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:47:42.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28821 (GCVE-0-2021-28821)

    Vulnerability from nvd – Published: 2021-03-23 20:15 – Updated: 2024-09-16 22:36
    VLAI
    Title
    TIBCO Enterprise Message Service Windows Platform Installation vulnerability
    Summary
    The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.
    CWE
    • The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
    Assigner
    References
    Date Public
    2021-03-23 00:00
    Credits
    TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:55:11.558Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO Enterprise Message Service",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "8.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "TIBCO Enterprise Message Service - Community Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "8.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "TIBCO Enterprise Message Service - Developer Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "8.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-23T20:15:24.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/services/support/advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.5.1 and below update to version 8.6.0 or higher"
            }
          ],
          "source": {
            "discovery": "Will Dormann of CERT/CC"
          },
          "title": "TIBCO Enterprise Message Service Windows Platform Installation vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2021-03-23T17:00:00Z",
              "ID": "CVE-2021-28821",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO Enterprise Message Service Windows Platform Installation vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO Enterprise Message Service",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO Enterprise Message Service - Community Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO Enterprise Message Service - Developer Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/services/support/advisories"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.5.1 and below update to version 8.6.0 or higher"
              }
            ],
            "source": {
              "discovery": "Will Dormann of CERT/CC"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2021-28821",
        "datePublished": "2021-03-23T20:15:24.174Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:36:09.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12415 (GCVE-0-2018-12415)

    Vulnerability from nvd – Published: 2018-11-07 00:00 – Updated: 2024-09-16 20:22
    VLAI
    Title
    TIBCO Enterprise Message Service Vulnerable to CSRF Attacks
    Summary
    The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.
    CWE
    • In deployments of TIBCO Enterprise Message Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS.
    Assigner
    References
    Date Public
    2018-11-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:38:05.049Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
              },
              {
                "name": "105850",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105850"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO Enterprise Message Service",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.4.0 and previous"
                }
              ]
            },
            {
              "product": "TIBCO Enterprise Message Service - Community Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.4.0 and previous"
                }
              ]
            },
            {
              "product": "TIBCO Enterprise Message Service - Developer Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.4.0 and previous"
                }
              ]
            }
          ],
          "datePublic": "2018-11-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Central Administration server (emsca) component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "In deployments of TIBCO Enterprise Message Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-29T15:52:24.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
            },
            {
              "name": "105850",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105850"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.4.0 and below update to version 8.4.1 or higher"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "TIBCO Enterprise Message Service Vulnerable to CSRF Attacks",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2018-11-06T17:00:00Z",
              "ID": "CVE-2018-12415",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO Enterprise Message Service Vulnerable to CSRF Attacks",
              "UPDATED": "2020-01-28T17:00:00Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO Enterprise Message Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.4.0 and previous"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO Enterprise Message Service - Community Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.4.0 and previous"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO Enterprise Message Service - Developer Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.4.0 and previous"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Central Administration server (emsca) component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "In deployments of TIBCO Enterprise Message Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/services/support/advisories",
                  "refsource": "MISC",
                  "url": "http://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
                },
                {
                  "name": "105850",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105850"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.4.0 and below update to version 8.4.1 or higher"
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2018-12415",
        "datePublished": "2018-11-07T00:00:00.000Z",
        "dateReserved": "2018-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:22:46.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3628 (GCVE-0-2016-3628)

    Vulnerability from nvd – Published: 2016-04-20 10:00 – Updated: 2024-08-06 00:03
    VLAI
    Summary
    Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-04-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.410Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/mk/advisory.jsp"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-04-20T04:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/mk/advisory.jsp"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-3628",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/mk/advisory.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/mk/advisory.jsp"
                },
                {
                  "name": "http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-3628",
        "datePublished": "2016-04-20T10:00:00.000Z",
        "dateReserved": "2016-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:03:34.410Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0649 (GCVE-0-2011-0649)

    Vulnerability from nvd – Published: 2011-02-04 00:00 – Updated: 2024-08-06 21:58
    VLAI
    Summary
    Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/43174 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/43160 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0269 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/46104 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.tibco.com/multimedia/rv_ems_security_a… x_refsource_CONFIRM
    Date Public
    2011-02-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:58:26.051Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "43174",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43174"
              },
              {
                "name": "43160",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43160"
              },
              {
                "name": "ADV-2011-0269",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0269"
              },
              {
                "name": "46104",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46104"
              },
              {
                "name": "tibco-suid-privilege-escalation(65105)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-02-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "43174",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43174"
            },
            {
              "name": "43160",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43160"
            },
            {
              "name": "ADV-2011-0269",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0269"
            },
            {
              "name": "46104",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46104"
            },
            {
              "name": "tibco-suid-privilege-escalation(65105)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "43174",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43174"
                },
                {
                  "name": "43160",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43160"
                },
                {
                  "name": "ADV-2011-0269",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0269"
                },
                {
                  "name": "46104",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/46104"
                },
                {
                  "name": "tibco-suid-privilege-escalation(65105)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
                },
                {
                  "name": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0649",
        "datePublished": "2011-02-04T00:00:00.000Z",
        "dateReserved": "2011-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:58:26.051Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1291 (GCVE-0-2009-1291)

    Vulnerability from nvd – Published: 2009-04-30 20:00 – Updated: 2024-08-07 05:04
    VLAI
    Summary
    Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound data," as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2009-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:49.479Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories/default.jsp"
              },
              {
                "name": "1022129",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1022129"
              },
              {
                "name": "34754",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34754"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt"
              },
              {
                "name": "20090428 TIBCO SmartSockets Stack Buffer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785"
              },
              {
                "name": "smartsockets-udp-bo(50214)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50214"
              },
              {
                "name": "ADV-2009-1198",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1198"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp"
              },
              {
                "name": "34911",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34911"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via \"inbound data,\" as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/services/support/advisories/default.jsp"
            },
            {
              "name": "1022129",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1022129"
            },
            {
              "name": "34754",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34754"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt"
            },
            {
              "name": "20090428 TIBCO SmartSockets Stack Buffer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785"
            },
            {
              "name": "smartsockets-udp-bo(50214)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50214"
            },
            {
              "name": "ADV-2009-1198",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1198"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp"
            },
            {
              "name": "34911",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34911"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1291",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via \"inbound data,\" as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt"
                },
                {
                  "name": "http://www.tibco.com/services/support/advisories/default.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/services/support/advisories/default.jsp"
                },
                {
                  "name": "1022129",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1022129"
                },
                {
                  "name": "34754",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34754"
                },
                {
                  "name": "http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt"
                },
                {
                  "name": "20090428 TIBCO SmartSockets Stack Buffer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785"
                },
                {
                  "name": "smartsockets-udp-bo(50214)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50214"
                },
                {
                  "name": "ADV-2009-1198",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1198"
                },
                {
                  "name": "http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html",
                  "refsource": "MISC",
                  "url": "http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html"
                },
                {
                  "name": "http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp"
                },
                {
                  "name": "34911",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34911"
                },
                {
                  "name": "http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1291",
        "datePublished": "2009-04-30T20:00:00.000Z",
        "dateReserved": "2009-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:49.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1704 (GCVE-0-2008-1704)

    Vulnerability from nvd – Published: 2008-04-11 10:00 – Updated: 2024-08-07 08:32
    VLAI
    Summary
    Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.tibco.com/resources/mk/ems_security_ad… x_refsource_CONFIRM
    http://www.securitytracker.com/id?1019826 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/28717 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2008/1190… vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/29775 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-04-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:32:01.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080409.txt"
              },
              {
                "name": "1019826",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019826"
              },
              {
                "name": "tibco-ems-iprocess-code-execution(41761)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41761"
              },
              {
                "name": "28717",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28717"
              },
              {
                "name": "ADV-2008-1190",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1190/references"
              },
              {
                "name": "29775",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29775"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080409.txt"
            },
            {
              "name": "1019826",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019826"
            },
            {
              "name": "tibco-ems-iprocess-code-execution(41761)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41761"
            },
            {
              "name": "28717",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28717"
            },
            {
              "name": "ADV-2008-1190",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1190/references"
            },
            {
              "name": "29775",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29775"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1704",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/resources/mk/ems_security_advisory_20080409.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080409.txt"
                },
                {
                  "name": "1019826",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019826"
                },
                {
                  "name": "tibco-ems-iprocess-code-execution(41761)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41761"
                },
                {
                  "name": "28717",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28717"
                },
                {
                  "name": "ADV-2008-1190",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1190/references"
                },
                {
                  "name": "29775",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29775"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1704",
        "datePublished": "2008-04-11T10:00:00.000Z",
        "dateReserved": "2008-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:32:01.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5656 (GCVE-0-2007-5656)

    Vulnerability from nvd – Published: 2008-01-16 02:00 – Updated: 2024-08-07 15:39
    VLAI
    Summary
    TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:39:13.614Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
              },
              {
                "name": "28490",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28490"
              },
              {
                "name": "1019193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019193"
              },
              {
                "name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=641"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
              },
              {
                "name": "tibco-rtserver-loop-code-execution(39708)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39708"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/mk/advisory.jsp"
              },
              {
                "name": "27293",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27293"
              },
              {
                "name": "ADV-2008-0173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0173"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
            },
            {
              "name": "28490",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28490"
            },
            {
              "name": "1019193",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019193"
            },
            {
              "name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=641"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
            },
            {
              "name": "tibco-rtserver-loop-code-execution(39708)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39708"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/mk/advisory.jsp"
            },
            {
              "name": "27293",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27293"
            },
            {
              "name": "ADV-2008-0173",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0173"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5656",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
                },
                {
                  "name": "28490",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28490"
                },
                {
                  "name": "1019193",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019193"
                },
                {
                  "name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=641"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
                },
                {
                  "name": "tibco-rtserver-loop-code-execution(39708)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39708"
                },
                {
                  "name": "http://www.tibco.com/mk/advisory.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/mk/advisory.jsp"
                },
                {
                  "name": "27293",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27293"
                },
                {
                  "name": "ADV-2008-0173",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0173"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5656",
        "datePublished": "2008-01-16T02:00:00.000Z",
        "dateReserved": "2007-10-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:39:13.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5657 (GCVE-0-2007-5657)

    Vulnerability from nvd – Published: 2008-01-16 02:00 – Updated: 2024-08-07 15:39
    VLAI
    Summary
    TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:39:13.578Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
              },
              {
                "name": "28490",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28490"
              },
              {
                "name": "1019193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019193"
              },
              {
                "name": "20080115 TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640"
              },
              {
                "name": "tibco-rtserver-offset-code-execution(39707)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39707"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/mk/advisory.jsp"
              },
              {
                "name": "27295",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27295"
              },
              {
                "name": "ADV-2008-0173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0173"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
            },
            {
              "name": "28490",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28490"
            },
            {
              "name": "1019193",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019193"
            },
            {
              "name": "20080115 TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640"
            },
            {
              "name": "tibco-rtserver-offset-code-execution(39707)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39707"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/mk/advisory.jsp"
            },
            {
              "name": "27295",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27295"
            },
            {
              "name": "ADV-2008-0173",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0173"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5657",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
                },
                {
                  "name": "28490",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28490"
                },
                {
                  "name": "1019193",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019193"
                },
                {
                  "name": "20080115 TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640"
                },
                {
                  "name": "tibco-rtserver-offset-code-execution(39707)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39707"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
                },
                {
                  "name": "http://www.tibco.com/mk/advisory.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/mk/advisory.jsp"
                },
                {
                  "name": "27295",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27295"
                },
                {
                  "name": "ADV-2008-0173",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0173"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5657",
        "datePublished": "2008-01-16T02:00:00.000Z",
        "dateReserved": "2007-10-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:39:13.578Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5658 (GCVE-0-2007-5658)

    Vulnerability from nvd – Published: 2008-01-16 02:00 – Updated: 2024-08-07 15:39
    VLAI
    Summary
    Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:39:13.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27294",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27294"
              },
              {
                "name": "tibco-rtserver-bo(39703)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39703"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
              },
              {
                "name": "20080115 TIBCO SmartSockets RTserver Heap Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638"
              },
              {
                "name": "28490",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28490"
              },
              {
                "name": "1019193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019193"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/mk/advisory.jsp"
              },
              {
                "name": "ADV-2008-0173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0173"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27294",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27294"
            },
            {
              "name": "tibco-rtserver-bo(39703)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39703"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
            },
            {
              "name": "20080115 TIBCO SmartSockets RTserver Heap Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638"
            },
            {
              "name": "28490",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28490"
            },
            {
              "name": "1019193",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019193"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/mk/advisory.jsp"
            },
            {
              "name": "ADV-2008-0173",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0173"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5658",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27294",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27294"
                },
                {
                  "name": "tibco-rtserver-bo(39703)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39703"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
                },
                {
                  "name": "20080115 TIBCO SmartSockets RTserver Heap Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638"
                },
                {
                  "name": "28490",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28490"
                },
                {
                  "name": "1019193",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019193"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
                },
                {
                  "name": "http://www.tibco.com/mk/advisory.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/mk/advisory.jsp"
                },
                {
                  "name": "ADV-2008-0173",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0173"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5658",
        "datePublished": "2008-01-16T02:00:00.000Z",
        "dateReserved": "2007-10-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:39:13.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5655 (GCVE-0-2007-5655)

    Vulnerability from nvd – Published: 2008-01-16 02:00 – Updated: 2024-08-07 15:39
    VLAI
    Summary
    TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:39:13.605Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
              },
              {
                "name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639"
              },
              {
                "name": "28490",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28490"
              },
              {
                "name": "27292",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27292"
              },
              {
                "name": "1019193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019193"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
              },
              {
                "name": "tibco-rtserver-pointer-code-execution(39705)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39705"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/mk/advisory.jsp"
              },
              {
                "name": "ADV-2008-0173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0173"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
            },
            {
              "name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639"
            },
            {
              "name": "28490",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28490"
            },
            {
              "name": "27292",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27292"
            },
            {
              "name": "1019193",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019193"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
            },
            {
              "name": "tibco-rtserver-pointer-code-execution(39705)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39705"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/mk/advisory.jsp"
            },
            {
              "name": "ADV-2008-0173",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0173"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5655",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
                },
                {
                  "name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639"
                },
                {
                  "name": "28490",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28490"
                },
                {
                  "name": "27292",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27292"
                },
                {
                  "name": "1019193",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019193"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
                },
                {
                  "name": "tibco-rtserver-pointer-code-execution(39705)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39705"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
                },
                {
                  "name": "http://www.tibco.com/mk/advisory.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/mk/advisory.jsp"
                },
                {
                  "name": "ADV-2008-0173",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0173"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5655",
        "datePublished": "2008-01-16T02:00:00.000Z",
        "dateReserved": "2007-10-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:39:13.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28822 (GCVE-0-2021-28822)

    Vulnerability from cvelistv5 – Published: 2021-03-23 20:15 – Updated: 2024-09-17 03:47
    VLAI
    Title
    TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability
    Summary
    The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.
    CWE
    • The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
    Assigner
    References
    Date Public
    2021-03-23 00:00
    Credits
    TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:55:11.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO Enterprise Message Service",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "8.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "TIBCO Enterprise Message Service - Community Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "8.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "TIBCO Enterprise Message Service - Developer Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "8.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-23T20:15:24.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/services/support/advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.5.1 and below update to version 8.6.0 or higher"
            }
          ],
          "source": {
            "discovery": "Will Dormann of CERT/CC"
          },
          "title": "TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2021-03-23T17:00:00Z",
              "ID": "CVE-2021-28822",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO Enterprise Message Service",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO Enterprise Message Service - Community Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO Enterprise Message Service - Developer Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/services/support/advisories"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.5.1 and below update to version 8.6.0 or higher"
              }
            ],
            "source": {
              "discovery": "Will Dormann of CERT/CC"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2021-28822",
        "datePublished": "2021-03-23T20:15:24.857Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:47:42.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28821 (GCVE-0-2021-28821)

    Vulnerability from cvelistv5 – Published: 2021-03-23 20:15 – Updated: 2024-09-16 22:36
    VLAI
    Title
    TIBCO Enterprise Message Service Windows Platform Installation vulnerability
    Summary
    The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.
    CWE
    • The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
    Assigner
    References
    Date Public
    2021-03-23 00:00
    Credits
    TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:55:11.558Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO Enterprise Message Service",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "8.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "TIBCO Enterprise Message Service - Community Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "8.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "TIBCO Enterprise Message Service - Developer Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "8.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-23T20:15:24.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/services/support/advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.5.1 and below update to version 8.6.0 or higher"
            }
          ],
          "source": {
            "discovery": "Will Dormann of CERT/CC"
          },
          "title": "TIBCO Enterprise Message Service Windows Platform Installation vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2021-03-23T17:00:00Z",
              "ID": "CVE-2021-28821",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO Enterprise Message Service Windows Platform Installation vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO Enterprise Message Service",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO Enterprise Message Service - Community Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO Enterprise Message Service - Developer Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "8.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/services/support/advisories"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.5.1 and below update to version 8.6.0 or higher"
              }
            ],
            "source": {
              "discovery": "Will Dormann of CERT/CC"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2021-28821",
        "datePublished": "2021-03-23T20:15:24.174Z",
        "dateReserved": "2021-03-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:36:09.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12415 (GCVE-0-2018-12415)

    Vulnerability from cvelistv5 – Published: 2018-11-07 00:00 – Updated: 2024-09-16 20:22
    VLAI
    Title
    TIBCO Enterprise Message Service Vulnerable to CSRF Attacks
    Summary
    The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.
    CWE
    • In deployments of TIBCO Enterprise Message Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS.
    Assigner
    References
    Date Public
    2018-11-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:38:05.049Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
              },
              {
                "name": "105850",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105850"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO Enterprise Message Service",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.4.0 and previous"
                }
              ]
            },
            {
              "product": "TIBCO Enterprise Message Service - Community Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.4.0 and previous"
                }
              ]
            },
            {
              "product": "TIBCO Enterprise Message Service - Developer Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.4.0 and previous"
                }
              ]
            }
          ],
          "datePublic": "2018-11-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Central Administration server (emsca) component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "In deployments of TIBCO Enterprise Message Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-29T15:52:24.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
            },
            {
              "name": "105850",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105850"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.4.0 and below update to version 8.4.1 or higher"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "TIBCO Enterprise Message Service Vulnerable to CSRF Attacks",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2018-11-06T17:00:00Z",
              "ID": "CVE-2018-12415",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO Enterprise Message Service Vulnerable to CSRF Attacks",
              "UPDATED": "2020-01-28T17:00:00Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO Enterprise Message Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.4.0 and previous"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO Enterprise Message Service - Community Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.4.0 and previous"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO Enterprise Message Service - Developer Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.4.0 and previous"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Central Administration server (emsca) component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "In deployments of TIBCO Enterprise Message Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/services/support/advisories",
                  "refsource": "MISC",
                  "url": "http://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
                },
                {
                  "name": "105850",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105850"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.4.0 and below update to version 8.4.1 or higher"
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2018-12415",
        "datePublished": "2018-11-07T00:00:00.000Z",
        "dateReserved": "2018-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:22:46.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3628 (GCVE-0-2016-3628)

    Vulnerability from cvelistv5 – Published: 2016-04-20 10:00 – Updated: 2024-08-06 00:03
    VLAI
    Summary
    Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-04-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.410Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/mk/advisory.jsp"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-04-20T04:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/mk/advisory.jsp"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-3628",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/mk/advisory.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/mk/advisory.jsp"
                },
                {
                  "name": "http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-3628",
        "datePublished": "2016-04-20T10:00:00.000Z",
        "dateReserved": "2016-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:03:34.410Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0649 (GCVE-0-2011-0649)

    Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 21:58
    VLAI
    Summary
    Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/43174 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/43160 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0269 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/46104 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.tibco.com/multimedia/rv_ems_security_a… x_refsource_CONFIRM
    Date Public
    2011-02-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:58:26.051Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "43174",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43174"
              },
              {
                "name": "43160",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43160"
              },
              {
                "name": "ADV-2011-0269",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0269"
              },
              {
                "name": "46104",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46104"
              },
              {
                "name": "tibco-suid-privilege-escalation(65105)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-02-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "43174",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43174"
            },
            {
              "name": "43160",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43160"
            },
            {
              "name": "ADV-2011-0269",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0269"
            },
            {
              "name": "46104",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46104"
            },
            {
              "name": "tibco-suid-privilege-escalation(65105)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "43174",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43174"
                },
                {
                  "name": "43160",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43160"
                },
                {
                  "name": "ADV-2011-0269",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0269"
                },
                {
                  "name": "46104",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/46104"
                },
                {
                  "name": "tibco-suid-privilege-escalation(65105)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
                },
                {
                  "name": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0649",
        "datePublished": "2011-02-04T00:00:00.000Z",
        "dateReserved": "2011-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:58:26.051Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1291 (GCVE-0-2009-1291)

    Vulnerability from cvelistv5 – Published: 2009-04-30 20:00 – Updated: 2024-08-07 05:04
    VLAI
    Summary
    Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound data," as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2009-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:49.479Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories/default.jsp"
              },
              {
                "name": "1022129",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1022129"
              },
              {
                "name": "34754",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34754"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt"
              },
              {
                "name": "20090428 TIBCO SmartSockets Stack Buffer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785"
              },
              {
                "name": "smartsockets-udp-bo(50214)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50214"
              },
              {
                "name": "ADV-2009-1198",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1198"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp"
              },
              {
                "name": "34911",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34911"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via \"inbound data,\" as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/services/support/advisories/default.jsp"
            },
            {
              "name": "1022129",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1022129"
            },
            {
              "name": "34754",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34754"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt"
            },
            {
              "name": "20090428 TIBCO SmartSockets Stack Buffer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785"
            },
            {
              "name": "smartsockets-udp-bo(50214)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50214"
            },
            {
              "name": "ADV-2009-1198",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1198"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp"
            },
            {
              "name": "34911",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34911"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1291",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via \"inbound data,\" as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt"
                },
                {
                  "name": "http://www.tibco.com/services/support/advisories/default.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/services/support/advisories/default.jsp"
                },
                {
                  "name": "1022129",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1022129"
                },
                {
                  "name": "34754",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34754"
                },
                {
                  "name": "http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt"
                },
                {
                  "name": "20090428 TIBCO SmartSockets Stack Buffer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785"
                },
                {
                  "name": "smartsockets-udp-bo(50214)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50214"
                },
                {
                  "name": "ADV-2009-1198",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1198"
                },
                {
                  "name": "http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html",
                  "refsource": "MISC",
                  "url": "http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html"
                },
                {
                  "name": "http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp"
                },
                {
                  "name": "34911",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34911"
                },
                {
                  "name": "http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1291",
        "datePublished": "2009-04-30T20:00:00.000Z",
        "dateReserved": "2009-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:49.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1704 (GCVE-0-2008-1704)

    Vulnerability from cvelistv5 – Published: 2008-04-11 10:00 – Updated: 2024-08-07 08:32
    VLAI
    Summary
    Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.tibco.com/resources/mk/ems_security_ad… x_refsource_CONFIRM
    http://www.securitytracker.com/id?1019826 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/28717 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2008/1190… vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/29775 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-04-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:32:01.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080409.txt"
              },
              {
                "name": "1019826",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019826"
              },
              {
                "name": "tibco-ems-iprocess-code-execution(41761)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41761"
              },
              {
                "name": "28717",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28717"
              },
              {
                "name": "ADV-2008-1190",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1190/references"
              },
              {
                "name": "29775",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29775"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080409.txt"
            },
            {
              "name": "1019826",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019826"
            },
            {
              "name": "tibco-ems-iprocess-code-execution(41761)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41761"
            },
            {
              "name": "28717",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28717"
            },
            {
              "name": "ADV-2008-1190",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1190/references"
            },
            {
              "name": "29775",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29775"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1704",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/resources/mk/ems_security_advisory_20080409.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080409.txt"
                },
                {
                  "name": "1019826",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019826"
                },
                {
                  "name": "tibco-ems-iprocess-code-execution(41761)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41761"
                },
                {
                  "name": "28717",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28717"
                },
                {
                  "name": "ADV-2008-1190",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1190/references"
                },
                {
                  "name": "29775",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29775"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1704",
        "datePublished": "2008-04-11T10:00:00.000Z",
        "dateReserved": "2008-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:32:01.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5656 (GCVE-0-2007-5656)

    Vulnerability from cvelistv5 – Published: 2008-01-16 02:00 – Updated: 2024-08-07 15:39
    VLAI
    Summary
    TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:39:13.614Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
              },
              {
                "name": "28490",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28490"
              },
              {
                "name": "1019193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019193"
              },
              {
                "name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=641"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
              },
              {
                "name": "tibco-rtserver-loop-code-execution(39708)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39708"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/mk/advisory.jsp"
              },
              {
                "name": "27293",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27293"
              },
              {
                "name": "ADV-2008-0173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0173"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
            },
            {
              "name": "28490",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28490"
            },
            {
              "name": "1019193",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019193"
            },
            {
              "name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=641"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
            },
            {
              "name": "tibco-rtserver-loop-code-execution(39708)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39708"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/mk/advisory.jsp"
            },
            {
              "name": "27293",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27293"
            },
            {
              "name": "ADV-2008-0173",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0173"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5656",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
                },
                {
                  "name": "28490",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28490"
                },
                {
                  "name": "1019193",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019193"
                },
                {
                  "name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=641"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
                },
                {
                  "name": "tibco-rtserver-loop-code-execution(39708)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39708"
                },
                {
                  "name": "http://www.tibco.com/mk/advisory.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/mk/advisory.jsp"
                },
                {
                  "name": "27293",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27293"
                },
                {
                  "name": "ADV-2008-0173",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0173"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5656",
        "datePublished": "2008-01-16T02:00:00.000Z",
        "dateReserved": "2007-10-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:39:13.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5657 (GCVE-0-2007-5657)

    Vulnerability from cvelistv5 – Published: 2008-01-16 02:00 – Updated: 2024-08-07 15:39
    VLAI
    Summary
    TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:39:13.578Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
              },
              {
                "name": "28490",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28490"
              },
              {
                "name": "1019193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019193"
              },
              {
                "name": "20080115 TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640"
              },
              {
                "name": "tibco-rtserver-offset-code-execution(39707)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39707"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/mk/advisory.jsp"
              },
              {
                "name": "27295",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27295"
              },
              {
                "name": "ADV-2008-0173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0173"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
            },
            {
              "name": "28490",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28490"
            },
            {
              "name": "1019193",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019193"
            },
            {
              "name": "20080115 TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640"
            },
            {
              "name": "tibco-rtserver-offset-code-execution(39707)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39707"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/mk/advisory.jsp"
            },
            {
              "name": "27295",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27295"
            },
            {
              "name": "ADV-2008-0173",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0173"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5657",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
                },
                {
                  "name": "28490",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28490"
                },
                {
                  "name": "1019193",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019193"
                },
                {
                  "name": "20080115 TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640"
                },
                {
                  "name": "tibco-rtserver-offset-code-execution(39707)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39707"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
                },
                {
                  "name": "http://www.tibco.com/mk/advisory.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/mk/advisory.jsp"
                },
                {
                  "name": "27295",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27295"
                },
                {
                  "name": "ADV-2008-0173",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0173"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5657",
        "datePublished": "2008-01-16T02:00:00.000Z",
        "dateReserved": "2007-10-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:39:13.578Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5658 (GCVE-0-2007-5658)

    Vulnerability from cvelistv5 – Published: 2008-01-16 02:00 – Updated: 2024-08-07 15:39
    VLAI
    Summary
    Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:39:13.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27294",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27294"
              },
              {
                "name": "tibco-rtserver-bo(39703)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39703"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
              },
              {
                "name": "20080115 TIBCO SmartSockets RTserver Heap Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638"
              },
              {
                "name": "28490",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28490"
              },
              {
                "name": "1019193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019193"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/mk/advisory.jsp"
              },
              {
                "name": "ADV-2008-0173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0173"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27294",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27294"
            },
            {
              "name": "tibco-rtserver-bo(39703)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39703"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
            },
            {
              "name": "20080115 TIBCO SmartSockets RTserver Heap Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638"
            },
            {
              "name": "28490",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28490"
            },
            {
              "name": "1019193",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019193"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/mk/advisory.jsp"
            },
            {
              "name": "ADV-2008-0173",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0173"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5658",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27294",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27294"
                },
                {
                  "name": "tibco-rtserver-bo(39703)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39703"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
                },
                {
                  "name": "20080115 TIBCO SmartSockets RTserver Heap Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638"
                },
                {
                  "name": "28490",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28490"
                },
                {
                  "name": "1019193",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019193"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
                },
                {
                  "name": "http://www.tibco.com/mk/advisory.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/mk/advisory.jsp"
                },
                {
                  "name": "ADV-2008-0173",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0173"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5658",
        "datePublished": "2008-01-16T02:00:00.000Z",
        "dateReserved": "2007-10-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:39:13.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5655 (GCVE-0-2007-5655)

    Vulnerability from cvelistv5 – Published: 2008-01-16 02:00 – Updated: 2024-08-07 15:39
    VLAI
    Summary
    TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:39:13.605Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
              },
              {
                "name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639"
              },
              {
                "name": "28490",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28490"
              },
              {
                "name": "27292",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27292"
              },
              {
                "name": "1019193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019193"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
              },
              {
                "name": "tibco-rtserver-pointer-code-execution(39705)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39705"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/mk/advisory.jsp"
              },
              {
                "name": "ADV-2008-0173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0173"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
            },
            {
              "name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639"
            },
            {
              "name": "28490",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28490"
            },
            {
              "name": "27292",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27292"
            },
            {
              "name": "1019193",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019193"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
            },
            {
              "name": "tibco-rtserver-pointer-code-execution(39705)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39705"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/mk/advisory.jsp"
            },
            {
              "name": "ADV-2008-0173",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0173"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5655",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
                },
                {
                  "name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639"
                },
                {
                  "name": "28490",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28490"
                },
                {
                  "name": "27292",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27292"
                },
                {
                  "name": "1019193",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019193"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
                },
                {
                  "name": "tibco-rtserver-pointer-code-execution(39705)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39705"
                },
                {
                  "name": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
                },
                {
                  "name": "http://www.tibco.com/mk/advisory.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/mk/advisory.jsp"
                },
                {
                  "name": "ADV-2008-0173",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0173"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5655",
        "datePublished": "2008-01-16T02:00:00.000Z",
        "dateReserved": "2007-10-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:39:13.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }