Search criteria
33 vulnerabilities found for rendezvous by tibco
VAR-201508-0342
Vulnerability from variot - Updated: 2025-04-13 23:32Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components. TIBCO Rendezvous and others are products of TIBCO Software Corporation of the United States. TIBCO Rendezvous is a middleware product that helps users quickly build and deploy large-scale distributed applications; Substation ES is a substation product that integrates communications software and provides real-time information exchange; Messaging Appliance is a set that reduces transmission delays and improves A messaging software that predicts capabilities and improves message throughput. A buffer overflow vulnerability exists in the HTTP management interface for several TIBCO products. A remote attacker could exploit the vulnerability to cause a denial of service or to execute arbitrary code. Multiple TIBCO products are prone to multiple buffer-overflow vulnerabilities. Failed exploit attempts will result in a denial-of-service condition. The following products are vulnerable: TIBCO Rendezvous 8.4.3 and prior TIBCO Rendezvous Network Server 1.1.0 and prior TIBCO Substation ES 2.8.1 and prior TIBCO Messaging Appliance 8.7.1 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0342",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rendezvous",
"scope": "lt",
"trust": 1.4,
"vendor": "tibco",
"version": "8.4.4"
},
{
"model": "substation es",
"scope": "lt",
"trust": 1.4,
"vendor": "tibco",
"version": "2.9.0"
},
{
"model": "substation es",
"scope": "lte",
"trust": 1.0,
"vendor": "tibco",
"version": "2.8.1"
},
{
"model": "messaging appliance",
"scope": "lte",
"trust": 1.0,
"vendor": "tibco",
"version": "8.7.1"
},
{
"model": "rendezvous",
"scope": "lte",
"trust": 1.0,
"vendor": "tibco",
"version": "8.4.3"
},
{
"model": "rendezvous network server",
"scope": "lte",
"trust": 1.0,
"vendor": "tibco",
"version": "1.1.0"
},
{
"model": "substation es",
"scope": "eq",
"trust": 0.9,
"vendor": "tibco",
"version": "2.8.1"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.9,
"vendor": "tibco",
"version": "8.4.3"
},
{
"model": "messaging appliance",
"scope": "eq",
"trust": 0.9,
"vendor": "tibco",
"version": "8.7.1"
},
{
"model": "messaging appliance software",
"scope": "lt",
"trust": 0.8,
"vendor": "tibco",
"version": "8.7.2"
},
{
"model": "rendezvous network server",
"scope": "lt",
"trust": 0.8,
"vendor": "tibco",
"version": "1.1.1"
},
{
"model": "messaging appliance",
"scope": "lt",
"trust": 0.6,
"vendor": "tibco",
"version": "8.7.2"
},
{
"model": "rendezvous network server",
"scope": "eq",
"trust": 0.6,
"vendor": "tibco",
"version": "1.1.0"
},
{
"model": "substation es",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "2.8"
},
{
"model": "rendezvous network server",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "1.1"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.4.2"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.4.1"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.3"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.9"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.8"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.7"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.6"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.5"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.4"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.3"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.2"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.1"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.0.1"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "7.5.4"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "7.5.3"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "7.5.2"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "7.5.1"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "7.4.11"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "5.6.3"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.3.1"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.0"
},
{
"model": "messaging appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.7"
},
{
"model": "substation es",
"scope": "ne",
"trust": 0.3,
"vendor": "tibco",
"version": "2.9"
},
{
"model": "rendezvous network server",
"scope": "ne",
"trust": 0.3,
"vendor": "tibco",
"version": "1.1.1"
},
{
"model": "rendezvous",
"scope": "ne",
"trust": 0.3,
"vendor": "tibco",
"version": "8.4.4"
},
{
"model": "messaging appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "tibco",
"version": "8.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "messaging appliance",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "rendezvous",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "rendezvous network server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "substation es",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"db": "BID",
"id": "76492"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-569"
},
{
"db": "NVD",
"id": "CVE-2015-4555"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:tibco:messaging_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:tibco:rendezvous",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:tibco:rendezvous_network_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:tibco:substation_es",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "76492"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4555",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-4555",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05790",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-4555",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-4555",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05790",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-569",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-569"
},
{
"db": "NVD",
"id": "CVE-2015-4555"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components. TIBCO Rendezvous and others are products of TIBCO Software Corporation of the United States. TIBCO Rendezvous is a middleware product that helps users quickly build and deploy large-scale distributed applications; Substation ES is a substation product that integrates communications software and provides real-time information exchange; Messaging Appliance is a set that reduces transmission delays and improves A messaging software that predicts capabilities and improves message throughput. A buffer overflow vulnerability exists in the HTTP management interface for several TIBCO products. A remote attacker could exploit the vulnerability to cause a denial of service or to execute arbitrary code. Multiple TIBCO products are prone to multiple buffer-overflow vulnerabilities. Failed exploit attempts will result in a denial-of-service condition. \nThe following products are vulnerable:\nTIBCO Rendezvous 8.4.3 and prior\nTIBCO Rendezvous Network Server 1.1.0 and prior\nTIBCO Substation ES 2.8.1 and prior\nTIBCO Messaging Appliance 8.7.1 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4555"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"db": "BID",
"id": "76492"
},
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4555",
"trust": 3.5
},
{
"db": "SECTRACK",
"id": "1033677",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2015-05790",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-569",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504",
"trust": 0.8
},
{
"db": "BID",
"id": "76492",
"trust": 0.3
},
{
"db": "IVD",
"id": "185E6A3D-806B-4280-97A9-DDBA5D0CD26F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"db": "BID",
"id": "76492"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-569"
},
{
"db": "NVD",
"id": "CVE-2015-4555"
}
]
},
"id": "VAR-201508-0342",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"db": "CNVD",
"id": "CNVD-2015-05790"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"db": "CNVD",
"id": "CNVD-2015-05790"
}
]
},
"last_update_date": "2025-04-13T23:32:44.472000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TIBCO Rendezvous vulnerability",
"trust": 0.8,
"url": "http://www.tibco.com/services/support/advisories"
},
{
"title": "Security Advisories for TIBCO Products (August 25, 2015)",
"trust": 0.8,
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
},
{
"title": "Patches for multiple TIBCO product buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/63516"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4555"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"trust": 1.9,
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033677"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4555"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4555"
},
{
"trust": 0.3,
"url": "http://www.tibco.com/index.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"db": "BID",
"id": "76492"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-569"
},
{
"db": "NVD",
"id": "CVE-2015-4555"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"db": "BID",
"id": "76492"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-569"
},
{
"db": "NVD",
"id": "CVE-2015-4555"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-06T00:00:00",
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"date": "2015-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"date": "2015-08-25T00:00:00",
"db": "BID",
"id": "76492"
},
{
"date": "2015-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"date": "2015-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-569"
},
{
"date": "2015-08-30T14:59:02.047000",
"db": "NVD",
"id": "CVE-2015-4555"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"date": "2015-08-25T00:00:00",
"db": "BID",
"id": "76492"
},
{
"date": "2015-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"date": "2015-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-569"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-4555"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-569"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural TIBCO Product HTTP Management Interface Buffer Overflow Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-569"
}
],
"trust": 0.8
}
}
CVE-2021-28818 (GCVE-0-2021-28818)
Vulnerability from nvd – Published: 2021-03-23 20:15 – Updated: 2024-09-17 00:55
VLAI?
Title
TIBCO Rendezvous Windows Platform Artifact Search vulnerability
Summary
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Rendezvous |
Affected:
unspecified , ≤ 8.5.1
(custom)
|
|||||||
|
|||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Rendezvous",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T20:15:22",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Rendezvous Windows Platform Artifact Search vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-03-23T17:00:00Z",
"ID": "CVE-2021-28818",
"STATE": "PUBLIC",
"TITLE": "TIBCO Rendezvous Windows Platform Artifact Search vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Rendezvous",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Developer Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-28818",
"datePublished": "2021-03-23T20:15:22.158888Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-17T00:55:50.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28817 (GCVE-0-2021-28817)
Vulnerability from nvd – Published: 2021-03-23 20:15 – Updated: 2024-09-17 00:51
VLAI?
Title
TIBCO Rendezvous Windows Platform Installation vulnerability
Summary
The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Rendezvous |
Affected:
unspecified , ≤ 8.5.1
(custom)
|
|||||||
|
|||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Rendezvous",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T20:15:21",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Rendezvous Windows Platform Installation vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-03-23T17:00:00Z",
"ID": "CVE-2021-28817",
"STATE": "PUBLIC",
"TITLE": "TIBCO Rendezvous Windows Platform Installation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Rendezvous",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Developer Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-28817",
"datePublished": "2021-03-23T20:15:21.477625Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-17T00:51:51.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12414 (GCVE-0-2018-12414)
Vulnerability from nvd – Published: 2018-11-07 00:00 – Updated: 2024-09-16 21:04
VLAI?
Title
TIBCO Rendezvous Vulnerable to CSRF Attacks
Summary
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2.
Severity ?
7.5 (High)
CWE
- The impact of these vulnerabilities includes the theoretical possibility of reconfiguring all messaging handled by TIBCO Rendezvous (RV). With such access, the attacker might also be able to gain access to all data sent via RV.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Rendezvous |
Affected:
unspecified , ≤ 8.4.5
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105871"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Rendezvous",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous for z/OS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Network Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Substation ES",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "2.12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.\u0027s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of these vulnerabilities includes the theoretical possibility of reconfiguring all messaging handled by TIBCO Rendezvous (RV). With such access, the attacker might also be able to gain access to all data sent via RV.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-10T10:57:02",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"name": "105871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105871"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Rendezvous versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Developer Edition versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/Linux versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/OS versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Network Server versions 1.1.2 and below update to version 1.1.3 or higher\nTIBCO Substation ES versions 2.12.0 and below update to version 2.12.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Rendezvous Vulnerable to CSRF Attacks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-11-06T17:00:00.000Z",
"ID": "CVE-2018-12414",
"STATE": "PUBLIC",
"TITLE": "TIBCO Rendezvous Vulnerable to CSRF Attacks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Rendezvous",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Developer Edition",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous for z/Linux",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous for z/OS",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Network Server",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "1.1.2"
}
]
}
},
{
"product_name": "TIBCO Substation ES",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "2.12.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.\u0027s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of these vulnerabilities includes the theoretical possibility of reconfiguring all messaging handled by TIBCO Rendezvous (RV). With such access, the attacker might also be able to gain access to all data sent via RV."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105871"
},
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Rendezvous versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Developer Edition versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/Linux versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/OS versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Network Server versions 1.1.2 and below update to version 1.1.3 or higher\nTIBCO Substation ES versions 2.12.0 and below update to version 2.12.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-12414",
"datePublished": "2018-11-07T00:00:00Z",
"dateReserved": "2018-06-14T00:00:00",
"dateUpdated": "2024-09-16T21:04:22.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4555 (GCVE-0-2015-4555)
Vulnerability from nvd – Published: 2015-08-30 14:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033677",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033677"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1033677",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033677"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033677",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033677"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4555",
"datePublished": "2015-08-30T14:00:00",
"dateReserved": "2015-06-14T00:00:00",
"dateUpdated": "2024-08-06T06:18:12.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2543 (GCVE-0-2014-2543)
Vulnerability from nvd – Published: 2014-04-08 17:00 – Updated: 2024-08-06 10:21
VLAI?
Summary
Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:35.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "66744",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66744"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-14T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "66744",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66744"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "66744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66744"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2543",
"datePublished": "2014-04-08T17:00:00",
"dateReserved": "2014-03-18T00:00:00",
"dateUpdated": "2024-08-06T10:21:35.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2542 (GCVE-0-2014-2542)
Vulnerability from nvd – Published: 2014-04-08 17:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66737"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030070"
},
{
"name": "101873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101873"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-18T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66737"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030070"
},
{
"name": "101873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101873"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66737"
},
{
"name": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030070"
},
{
"name": "101873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101873"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2542",
"datePublished": "2014-04-08T17:00:00",
"dateReserved": "2014-03-18T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2541 (GCVE-0-2014-2541)
Vulnerability from nvd – Published: 2014-04-08 17:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-14T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2541",
"datePublished": "2014-04-08T17:00:00",
"dateReserved": "2014-03-18T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0649 (GCVE-0-2011-0649)
Vulnerability from nvd – Published: 2011-02-04 00:00 – Updated: 2024-08-06 21:58
VLAI?
Summary
Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:26.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"name": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0649",
"datePublished": "2011-02-04T00:00:00",
"dateReserved": "2011-01-25T00:00:00",
"dateUpdated": "2024-08-06T21:58:26.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1703 (GCVE-0-2008-1703)
Vulnerability from nvd – Published: 2008-04-11 10:00 – Updated: 2024-08-07 08:32
VLAI?
Summary
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1703",
"datePublished": "2008-04-11T10:00:00",
"dateReserved": "2008-04-08T00:00:00",
"dateUpdated": "2024-08-07T08:32:01.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4159 (GCVE-0-2007-4159)
Vulnerability from nvd – Published: 2007-08-03 21:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "46993",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46993"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "46993",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46993"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018512",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "46993",
"refsource": "OSVDB",
"url": "http://osvdb.org/46993"
},
{
"name": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf",
"refsource": "MISC",
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "ADV-2007-2814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4159",
"datePublished": "2007-08-03T21:00:00",
"dateReserved": "2007-08-03T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4162 (GCVE-0-2007-4162)
Vulnerability from nvd – Published: 2007-08-03 21:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "46991",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46991"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "46991",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46991"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018512",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf",
"refsource": "MISC",
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "46991",
"refsource": "OSVDB",
"url": "http://osvdb.org/46991"
},
{
"name": "ADV-2007-2814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4162",
"datePublished": "2007-08-03T21:00:00",
"dateReserved": "2007-08-03T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4158 (GCVE-0-2007-4158)
Vulnerability from nvd – Published: 2007-08-03 21:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37680",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37680"
},
{
"name": "20071203 CVE-2007-4158 == CVE-2007-5553?",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-December/001855.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "25132",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25132"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/index.php/160-Advisory-025"
},
{
"name": "26337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26337"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37680",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37680"
},
{
"name": "20071203 CVE-2007-4158 == CVE-2007-5553?",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-December/001855.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "25132",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25132"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/index.php/160-Advisory-025"
},
{
"name": "26337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26337"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37680",
"refsource": "OSVDB",
"url": "http://osvdb.org/37680"
},
{
"name": "20071203 CVE-2007-4158 == CVE-2007-5553?",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-December/001855.html"
},
{
"name": "http://www.irmplc.com/index.php/111-Vendor-Alerts",
"refsource": "MISC",
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"name": "1018512",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "25132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25132"
},
{
"name": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf",
"refsource": "MISC",
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "http://www.irmplc.com/index.php/160-Advisory-025",
"refsource": "MISC",
"url": "http://www.irmplc.com/index.php/160-Advisory-025"
},
{
"name": "26337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26337"
},
{
"name": "ADV-2007-2814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4158",
"datePublished": "2007-08-03T21:00:00",
"dateReserved": "2007-08-03T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4161 (GCVE-0-2007-4161)
Vulnerability from nvd – Published: 2007-08-03 21:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "37681",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37681"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "26337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26337"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) \u0027*\u0027 (asterisk) or (2) \u0027\u003e\u0027 (greater than) wildcard character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "37681",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37681"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "26337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26337"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) \u0027*\u0027 (asterisk) or (2) \u0027\u003e\u0027 (greater than) wildcard character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018512",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "37681",
"refsource": "OSVDB",
"url": "http://osvdb.org/37681"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf",
"refsource": "MISC",
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "26337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26337"
},
{
"name": "ADV-2007-2814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4161",
"datePublished": "2007-08-03T21:00:00",
"dateReserved": "2007-08-03T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4160 (GCVE-0-2007-4160)
Vulnerability from nvd – Published: 2007-08-03 21:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "46992",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "46992",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018512",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "46992",
"refsource": "OSVDB",
"url": "http://osvdb.org/46992"
},
{
"name": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf",
"refsource": "MISC",
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "ADV-2007-2814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4160",
"datePublished": "2007-08-03T21:00:00",
"dateReserved": "2007-08-03T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4676 (GCVE-0-2006-4676)
Vulnerability from nvd – Published: 2006-09-11 17:00 – Updated: 2024-08-07 19:23
VLAI?
Summary
TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:40.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21748"
},
{
"name": "19883",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19883"
},
{
"name": "ADV-2006-3497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3497"
},
{
"name": "2284",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21748"
},
{
"name": "19883",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19883"
},
{
"name": "ADV-2006-3497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3497"
},
{
"name": "2284",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21748"
},
{
"name": "19883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19883"
},
{
"name": "ADV-2006-3497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3497"
},
{
"name": "2284",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4676",
"datePublished": "2006-09-11T17:00:00",
"dateReserved": "2006-09-11T00:00:00",
"dateUpdated": "2024-08-07T19:23:40.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28818 (GCVE-0-2021-28818)
Vulnerability from cvelistv5 – Published: 2021-03-23 20:15 – Updated: 2024-09-17 00:55
VLAI?
Title
TIBCO Rendezvous Windows Platform Artifact Search vulnerability
Summary
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Rendezvous |
Affected:
unspecified , ≤ 8.5.1
(custom)
|
|||||||
|
|||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Rendezvous",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T20:15:22",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Rendezvous Windows Platform Artifact Search vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-03-23T17:00:00Z",
"ID": "CVE-2021-28818",
"STATE": "PUBLIC",
"TITLE": "TIBCO Rendezvous Windows Platform Artifact Search vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Rendezvous",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Developer Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-28818",
"datePublished": "2021-03-23T20:15:22.158888Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-17T00:55:50.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28817 (GCVE-0-2021-28817)
Vulnerability from cvelistv5 – Published: 2021-03-23 20:15 – Updated: 2024-09-17 00:51
VLAI?
Title
TIBCO Rendezvous Windows Platform Installation vulnerability
Summary
The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Rendezvous |
Affected:
unspecified , ≤ 8.5.1
(custom)
|
|||||||
|
|||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Rendezvous",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T20:15:21",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Rendezvous Windows Platform Installation vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-03-23T17:00:00Z",
"ID": "CVE-2021-28817",
"STATE": "PUBLIC",
"TITLE": "TIBCO Rendezvous Windows Platform Installation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Rendezvous",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Developer Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-28817",
"datePublished": "2021-03-23T20:15:21.477625Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-17T00:51:51.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12414 (GCVE-0-2018-12414)
Vulnerability from cvelistv5 – Published: 2018-11-07 00:00 – Updated: 2024-09-16 21:04
VLAI?
Title
TIBCO Rendezvous Vulnerable to CSRF Attacks
Summary
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2.
Severity ?
7.5 (High)
CWE
- The impact of these vulnerabilities includes the theoretical possibility of reconfiguring all messaging handled by TIBCO Rendezvous (RV). With such access, the attacker might also be able to gain access to all data sent via RV.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Rendezvous |
Affected:
unspecified , ≤ 8.4.5
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105871"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Rendezvous",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous for z/OS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Network Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Substation ES",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "2.12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.\u0027s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of these vulnerabilities includes the theoretical possibility of reconfiguring all messaging handled by TIBCO Rendezvous (RV). With such access, the attacker might also be able to gain access to all data sent via RV.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-10T10:57:02",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"name": "105871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105871"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Rendezvous versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Developer Edition versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/Linux versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/OS versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Network Server versions 1.1.2 and below update to version 1.1.3 or higher\nTIBCO Substation ES versions 2.12.0 and below update to version 2.12.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Rendezvous Vulnerable to CSRF Attacks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-11-06T17:00:00.000Z",
"ID": "CVE-2018-12414",
"STATE": "PUBLIC",
"TITLE": "TIBCO Rendezvous Vulnerable to CSRF Attacks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Rendezvous",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Developer Edition",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous for z/Linux",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous for z/OS",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Network Server",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "1.1.2"
}
]
}
},
{
"product_name": "TIBCO Substation ES",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "2.12.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.\u0027s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of these vulnerabilities includes the theoretical possibility of reconfiguring all messaging handled by TIBCO Rendezvous (RV). With such access, the attacker might also be able to gain access to all data sent via RV."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105871"
},
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Rendezvous versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Developer Edition versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/Linux versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/OS versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Network Server versions 1.1.2 and below update to version 1.1.3 or higher\nTIBCO Substation ES versions 2.12.0 and below update to version 2.12.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-12414",
"datePublished": "2018-11-07T00:00:00Z",
"dateReserved": "2018-06-14T00:00:00",
"dateUpdated": "2024-09-16T21:04:22.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4555 (GCVE-0-2015-4555)
Vulnerability from cvelistv5 – Published: 2015-08-30 14:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033677",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033677"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1033677",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033677"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033677",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033677"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4555",
"datePublished": "2015-08-30T14:00:00",
"dateReserved": "2015-06-14T00:00:00",
"dateUpdated": "2024-08-06T06:18:12.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2541 (GCVE-0-2014-2541)
Vulnerability from cvelistv5 – Published: 2014-04-08 17:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-14T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2541",
"datePublished": "2014-04-08T17:00:00",
"dateReserved": "2014-03-18T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2542 (GCVE-0-2014-2542)
Vulnerability from cvelistv5 – Published: 2014-04-08 17:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66737"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030070"
},
{
"name": "101873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101873"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-18T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66737"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030070"
},
{
"name": "101873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101873"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66737"
},
{
"name": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030070"
},
{
"name": "101873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101873"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2542",
"datePublished": "2014-04-08T17:00:00",
"dateReserved": "2014-03-18T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2543 (GCVE-0-2014-2543)
Vulnerability from cvelistv5 – Published: 2014-04-08 17:00 – Updated: 2024-08-06 10:21
VLAI?
Summary
Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:35.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "66744",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66744"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-14T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "66744",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66744"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "66744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66744"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2543",
"datePublished": "2014-04-08T17:00:00",
"dateReserved": "2014-03-18T00:00:00",
"dateUpdated": "2024-08-06T10:21:35.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0649 (GCVE-0-2011-0649)
Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 21:58
VLAI?
Summary
Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:26.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"name": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0649",
"datePublished": "2011-02-04T00:00:00",
"dateReserved": "2011-01-25T00:00:00",
"dateUpdated": "2024-08-06T21:58:26.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1703 (GCVE-0-2008-1703)
Vulnerability from cvelistv5 – Published: 2008-04-11 10:00 – Updated: 2024-08-07 08:32
VLAI?
Summary
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1703",
"datePublished": "2008-04-11T10:00:00",
"dateReserved": "2008-04-08T00:00:00",
"dateUpdated": "2024-08-07T08:32:01.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4159 (GCVE-0-2007-4159)
Vulnerability from cvelistv5 – Published: 2007-08-03 21:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "46993",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46993"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "46993",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46993"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018512",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "46993",
"refsource": "OSVDB",
"url": "http://osvdb.org/46993"
},
{
"name": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf",
"refsource": "MISC",
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "ADV-2007-2814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4159",
"datePublished": "2007-08-03T21:00:00",
"dateReserved": "2007-08-03T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4162 (GCVE-0-2007-4162)
Vulnerability from cvelistv5 – Published: 2007-08-03 21:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "46991",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46991"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "46991",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46991"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018512",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf",
"refsource": "MISC",
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "46991",
"refsource": "OSVDB",
"url": "http://osvdb.org/46991"
},
{
"name": "ADV-2007-2814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4162",
"datePublished": "2007-08-03T21:00:00",
"dateReserved": "2007-08-03T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4158 (GCVE-0-2007-4158)
Vulnerability from cvelistv5 – Published: 2007-08-03 21:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37680",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37680"
},
{
"name": "20071203 CVE-2007-4158 == CVE-2007-5553?",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-December/001855.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "25132",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25132"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/index.php/160-Advisory-025"
},
{
"name": "26337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26337"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37680",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37680"
},
{
"name": "20071203 CVE-2007-4158 == CVE-2007-5553?",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-December/001855.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "25132",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25132"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/index.php/160-Advisory-025"
},
{
"name": "26337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26337"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37680",
"refsource": "OSVDB",
"url": "http://osvdb.org/37680"
},
{
"name": "20071203 CVE-2007-4158 == CVE-2007-5553?",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-December/001855.html"
},
{
"name": "http://www.irmplc.com/index.php/111-Vendor-Alerts",
"refsource": "MISC",
"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"
},
{
"name": "1018512",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "25132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25132"
},
{
"name": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf",
"refsource": "MISC",
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "http://www.irmplc.com/index.php/160-Advisory-025",
"refsource": "MISC",
"url": "http://www.irmplc.com/index.php/160-Advisory-025"
},
{
"name": "26337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26337"
},
{
"name": "ADV-2007-2814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4158",
"datePublished": "2007-08-03T21:00:00",
"dateReserved": "2007-08-03T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4161 (GCVE-0-2007-4161)
Vulnerability from cvelistv5 – Published: 2007-08-03 21:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "37681",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37681"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "26337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26337"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) \u0027*\u0027 (asterisk) or (2) \u0027\u003e\u0027 (greater than) wildcard character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "37681",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37681"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "26337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26337"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) \u0027*\u0027 (asterisk) or (2) \u0027\u003e\u0027 (greater than) wildcard character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018512",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "37681",
"refsource": "OSVDB",
"url": "http://osvdb.org/37681"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf",
"refsource": "MISC",
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "26337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26337"
},
{
"name": "ADV-2007-2814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4161",
"datePublished": "2007-08-03T21:00:00",
"dateReserved": "2007-08-03T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4160 (GCVE-0-2007-4160)
Vulnerability from cvelistv5 – Published: 2007-08-03 21:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "46992",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "46992",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "ADV-2007-2814",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018512",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018512"
},
{
"name": "20070730 Security Testing Enterprise Messaging Systems",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"name": "46992",
"refsource": "OSVDB",
"url": "http://osvdb.org/46992"
},
{
"name": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf",
"refsource": "MISC",
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"name": "ADV-2007-2814",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4160",
"datePublished": "2007-08-03T21:00:00",
"dateReserved": "2007-08-03T00:00:00",
"dateUpdated": "2024-08-07T14:46:39.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}