Search criteria
49 vulnerabilities found for rendezvous by tibco
VAR-201508-0342
Vulnerability from variot - Updated: 2023-12-18 13:24Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components. TIBCO Rendezvous and others are products of TIBCO Software Corporation of the United States. TIBCO Rendezvous is a middleware product that helps users quickly build and deploy large-scale distributed applications; Substation ES is a substation product that integrates communications software and provides real-time information exchange; Messaging Appliance is a set that reduces transmission delays and improves A messaging software that predicts capabilities and improves message throughput. A buffer overflow vulnerability exists in the HTTP management interface for several TIBCO products. A remote attacker could exploit the vulnerability to cause a denial of service or to execute arbitrary code. Multiple TIBCO products are prone to multiple buffer-overflow vulnerabilities. Failed exploit attempts will result in a denial-of-service condition. The following products are vulnerable: TIBCO Rendezvous 8.4.3 and prior TIBCO Rendezvous Network Server 1.1.0 and prior TIBCO Substation ES 2.8.1 and prior TIBCO Messaging Appliance 8.7.1 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0342",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rendezvous",
"scope": "lt",
"trust": 1.4,
"vendor": "tibco",
"version": "8.4.4"
},
{
"model": "substation es",
"scope": "lt",
"trust": 1.4,
"vendor": "tibco",
"version": "2.9.0"
},
{
"model": "substation es",
"scope": "lte",
"trust": 1.0,
"vendor": "tibco",
"version": "2.8.1"
},
{
"model": "messaging appliance",
"scope": "lte",
"trust": 1.0,
"vendor": "tibco",
"version": "8.7.1"
},
{
"model": "rendezvous network server",
"scope": "lte",
"trust": 1.0,
"vendor": "tibco",
"version": "1.1.0"
},
{
"model": "rendezvous",
"scope": "lte",
"trust": 1.0,
"vendor": "tibco",
"version": "8.4.3"
},
{
"model": "substation es",
"scope": "eq",
"trust": 0.9,
"vendor": "tibco",
"version": "2.8.1"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.9,
"vendor": "tibco",
"version": "8.4.3"
},
{
"model": "messaging appliance",
"scope": "eq",
"trust": 0.9,
"vendor": "tibco",
"version": "8.7.1"
},
{
"model": "messaging appliance software",
"scope": "lt",
"trust": 0.8,
"vendor": "tibco",
"version": "8.7.2"
},
{
"model": "rendezvous network server",
"scope": "lt",
"trust": 0.8,
"vendor": "tibco",
"version": "1.1.1"
},
{
"model": "messaging appliance",
"scope": "lt",
"trust": 0.6,
"vendor": "tibco",
"version": "8.7.2"
},
{
"model": "rendezvous network server",
"scope": "eq",
"trust": 0.6,
"vendor": "tibco",
"version": "1.1.0"
},
{
"model": "substation es",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "2.8"
},
{
"model": "rendezvous network server",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "1.1"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.4.2"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.4.1"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.3"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.9"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.8"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.7"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.6"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.5"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.4"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.3"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.2"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.2.1"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.0.1"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "7.5.4"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "7.5.3"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "7.5.2"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "7.5.1"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "7.4.11"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "5.6.3"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.3.1"
},
{
"model": "rendezvous",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.0"
},
{
"model": "messaging appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "tibco",
"version": "8.7"
},
{
"model": "substation es",
"scope": "ne",
"trust": 0.3,
"vendor": "tibco",
"version": "2.9"
},
{
"model": "rendezvous network server",
"scope": "ne",
"trust": 0.3,
"vendor": "tibco",
"version": "1.1.1"
},
{
"model": "rendezvous",
"scope": "ne",
"trust": 0.3,
"vendor": "tibco",
"version": "8.4.4"
},
{
"model": "messaging appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "tibco",
"version": "8.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "messaging appliance",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "rendezvous",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "rendezvous network server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "substation es",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"db": "BID",
"id": "76492"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"db": "NVD",
"id": "CVE-2015-4555"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-569"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tibco:rendezvous_network_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tibco:messaging_appliance:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tibco:rendezvous:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.4.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tibco:substation_es:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4555"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "76492"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4555",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-4555",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05790",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-4555",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-05790",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-569",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"db": "NVD",
"id": "CVE-2015-4555"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-569"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components. TIBCO Rendezvous and others are products of TIBCO Software Corporation of the United States. TIBCO Rendezvous is a middleware product that helps users quickly build and deploy large-scale distributed applications; Substation ES is a substation product that integrates communications software and provides real-time information exchange; Messaging Appliance is a set that reduces transmission delays and improves A messaging software that predicts capabilities and improves message throughput. A buffer overflow vulnerability exists in the HTTP management interface for several TIBCO products. A remote attacker could exploit the vulnerability to cause a denial of service or to execute arbitrary code. Multiple TIBCO products are prone to multiple buffer-overflow vulnerabilities. Failed exploit attempts will result in a denial-of-service condition. \nThe following products are vulnerable:\nTIBCO Rendezvous 8.4.3 and prior\nTIBCO Rendezvous Network Server 1.1.0 and prior\nTIBCO Substation ES 2.8.1 and prior\nTIBCO Messaging Appliance 8.7.1 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4555"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"db": "BID",
"id": "76492"
},
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4555",
"trust": 3.5
},
{
"db": "SECTRACK",
"id": "1033677",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2015-05790",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-569",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504",
"trust": 0.8
},
{
"db": "BID",
"id": "76492",
"trust": 0.3
},
{
"db": "IVD",
"id": "185E6A3D-806B-4280-97A9-DDBA5D0CD26F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"db": "BID",
"id": "76492"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"db": "NVD",
"id": "CVE-2015-4555"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-569"
}
]
},
"id": "VAR-201508-0342",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"db": "CNVD",
"id": "CNVD-2015-05790"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"db": "CNVD",
"id": "CNVD-2015-05790"
}
]
},
"last_update_date": "2023-12-18T13:24:45.219000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TIBCO Rendezvous vulnerability",
"trust": 0.8,
"url": "http://www.tibco.com/services/support/advisories"
},
{
"title": "Security Advisories for TIBCO Products (August 25, 2015)",
"trust": 0.8,
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
},
{
"title": "Patches for multiple TIBCO product buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/63516"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4555"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"trust": 1.9,
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033677"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4555"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4555"
},
{
"trust": 0.3,
"url": "http://www.tibco.com/index.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"db": "BID",
"id": "76492"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"db": "NVD",
"id": "CVE-2015-4555"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-569"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"db": "BID",
"id": "76492"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"db": "NVD",
"id": "CVE-2015-4555"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-569"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-06T00:00:00",
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"date": "2015-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"date": "2015-08-25T00:00:00",
"db": "BID",
"id": "76492"
},
{
"date": "2015-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"date": "2015-08-30T14:59:02.047000",
"db": "NVD",
"id": "CVE-2015-4555"
},
{
"date": "2015-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-569"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05790"
},
{
"date": "2015-08-25T00:00:00",
"db": "BID",
"id": "76492"
},
{
"date": "2015-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004504"
},
{
"date": "2016-12-08T18:52:35.693000",
"db": "NVD",
"id": "CVE-2015-4555"
},
{
"date": "2015-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-569"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-569"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural TIBCO Product HTTP Management Interface Buffer Overflow Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004504"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "185e6a3d-806b-4280-97a9-ddba5d0cd26f"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-569"
}
],
"trust": 0.8
}
}
FKIE_CVE-2021-28817
Vulnerability from fkie_nvd - Published: 2021-03-23 21:15 - Updated: 2024-11-21 06:00
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.
References
| URL | Tags | ||
|---|---|---|---|
| security@tibco.com | http://www.tibco.com/services/support/advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.tibco.com/services/support/advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | rendezvous | * | |
| tibco | rendezvous | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:rendezvous:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51D2D5C7-FF22-45C6-A989-FCA180FA1C62",
"versionEndIncluding": "8.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:*:*:*:*:developer:*:*:*",
"matchCriteriaId": "32F2BA6C-5116-42CC-9C7D-8EA76C2F8179",
"versionEndIncluding": "8.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
},
{
"lang": "es",
"value": "El componente de instalaci\u00f3n de Windows de TIBCO Rendezvous y TIBCO Rendezvous Developer Edition de TIBCO Software Inc. contiene una vulnerabilidad que te\u00f3ricamente permite que un atacante poco privilegiado y con acceso local en algunas versiones del sistema operativo Windows inserte software malicioso.\u0026#xa0;Se puede abusar del componente afectado para ejecutar el software malicioso insertado por el atacante con los privilegios elevados del componente.\u0026#xa0;Esta vulnerabilidad es debido a la falta de restricciones de acceso a determinados archivos y/o carpetas en la instalaci\u00f3n.\u0026#xa0;Las versiones afectadas son TIBCO Rendezvous de TIBCO Software Inc.: versiones 8.5.1 y por debajo y TIBCO Rendezvous Developer Edition: versiones 8.5.1 y por debajo"
}
],
"id": "CVE-2021-28817",
"lastModified": "2024-11-21T06:00:15.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-23T21:15:13.713",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28818
Vulnerability from fkie_nvd - Published: 2021-03-23 21:15 - Updated: 2024-11-21 06:00
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.
References
| URL | Tags | ||
|---|---|---|---|
| security@tibco.com | http://www.tibco.com/services/support/advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.tibco.com/services/support/advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | rendezvous | * | |
| tibco | rendezvous | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:rendezvous:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51D2D5C7-FF22-45C6-A989-FCA180FA1C62",
"versionEndIncluding": "8.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:*:*:*:*:developer:*:*:*",
"matchCriteriaId": "32F2BA6C-5116-42CC-9C7D-8EA76C2F8179",
"versionEndIncluding": "8.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
},
{
"lang": "es",
"value": "Los componentes Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API y Rendezvous .Net API de TIBCO Software Inc. TIBCO Rendezvous y TIBCO Rendezvous Developer Edition contienen una vulnerabilidad que te\u00f3ricamente permite que un atacante poco privilegiado y con acceso local en el sistema operativo Windows inserte software malicioso.\u0026#xa0;Se puede abusar del componente afectado para ejecutar el software malicioso insertado por el atacante con los privilegios elevados del componente.\u0026#xa0;Esta vulnerabilidad es debido a que el componente afectado busca artefactos en tiempo de ejecuci\u00f3n fuera de la jerarqu\u00eda de instalaci\u00f3n.\u0026#xa0;Las versiones afectadas son TIBCO Rendezvous de TIBCO Software Inc.: versiones 8.5.1 y por debajo"
}
],
"id": "CVE-2021-28818",
"lastModified": "2024-11-21T06:00:15.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-23T21:15:13.823",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-12414
Vulnerability from fkie_nvd - Published: 2018-11-06 23:29 - Updated: 2024-11-21 03:45
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | rendezvous | * | |
| tibco | rendezvous | * | |
| tibco | rendezvous_for_z\/linux | * | |
| tibco | rendezvous_for_z\/os | * | |
| tibco | rendezvous_network_server | * | |
| tibco | substation_es | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:rendezvous:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA2A3EA-3046-46B8-8B5B-5729EBBF7E4E",
"versionEndIncluding": "8.4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:*:*:*:*:developer:*:*:*",
"matchCriteriaId": "E0FC5929-F892-4385-8B8D-6481140D0816",
"versionEndIncluding": "8.4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous_for_z\\/linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B48475B-178F-4A1B-B368-EE807E888F71",
"versionEndIncluding": "8.4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous_for_z\\/os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3510ED-9E48-480C-BA9E-81E7A30EBF15",
"versionEndIncluding": "8.4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous_network_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7EEDCE-9B08-4598-9341-C834A7AD7564",
"versionEndIncluding": "1.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:substation_es:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6201AB15-011D-412B-953D-A8CEF154FBD6",
"versionEndIncluding": "2.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.\u0027s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2."
},
{
"lang": "es",
"value": "Los componentes Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache) y Rendezvous Daemon Manager (rvdm) de TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server y TIBCO Substation ES, de TIBCO Software Inc., contiene vulnerabilidades que podr\u00edan permitir que un atacante realice ataques de Cross-Site Request Forgery (CSRF). Las versiones afectadas son las siguientes: TIBCO Rendezvous: versiones hasta e incluyendo la 8.4.5, TIBCO Rendezvous Developer Edition: versiones hasta e incluyendo la 8.4.5, TIBCO Rendezvous for z/Linux: versiones hasta e incluyendo la 8.4.5, TIBCO Rendezvous for z/OS: versiones hasta e incluyendo la 8.4.5, TIBCO Rendezvous Network Server: versiones hasta e incluyendo la 1.1.2 y TIBCO Substation ES: versiones hasta e incluyendo la 2.12.2."
}
],
"id": "CVE-2018-12414",
"lastModified": "2024-11-21T03:45:10.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-06T23:29:00.403",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105871"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-4555
Vulnerability from fkie_nvd - Published: 2015-08-30 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securitytracker.com/id/1033677 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt | Vendor Advisory | |
| cve@mitre.org | http://www.tibco.com/mk/advisory.jsp | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033677 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.tibco.com/mk/advisory.jsp | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | messaging_appliance | * | |
| tibco | rendezvous | * | |
| tibco | rendezvous_network_server | * | |
| tibco | substation_es | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:messaging_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD8500F-39AF-488D-B280-2670C0E272F6",
"versionEndIncluding": "8.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F2E5AF9-C1C2-480D-A2AF-28A685112DF8",
"versionEndIncluding": "8.4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous_network_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29B5BC83-586E-49D7-98AB-68DAB4028E64",
"versionEndIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:substation_es:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86B28ADD-B5D3-481A-8FCB-CC4EDD626B67",
"versionEndIncluding": "2.8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en la interfaz administrativa HTTP en TIBCO Rendezvous en versiones anteriores a 8.4.4, Rendezvous Network Server en versiones anteriores a 1.1.1, Substation ES en versiones anteriores a 2.9.0 y Messaging Appliance en versiones anteriores a 8.7.2, permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, relacionado con los componentes Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva) y Relay Agent (rvrad)."
}
],
"id": "CVE-2015-4555",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-30T14:59:02.047",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033677"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-2542
Vulnerability from fkie_nvd - Published: 2014-04-08 23:47 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | rendezvous | * | |
| tibco | rendezvous | 7.4.11 | |
| tibco | rendezvous | 7.5.1 | |
| tibco | rendezvous | 7.5.2 | |
| tibco | rendezvous | 7.5.3 | |
| tibco | rendezvous | 7.5.4 | |
| tibco | rendezvous | 8.2.1 | |
| tibco | rendezvous | 8.3.0 | |
| tibco | rendezvous | 8.3.1 | |
| tibco | rendezvous | 8.10 | |
| tibco | substantiation_es | * | |
| tibco | messaging_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:rendezvous:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81514701-B44C-43C7-B151-2634542726D0",
"versionEndIncluding": "8.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "12892830-2FAA-4C1F-8C9D-B898E84DBAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B20531C-A4CB-4196-AC66-C485CB618858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9498F55F-0862-4F95-A625-632F2579411C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0720B71A-1483-46FE-B88B-E7022A22E895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6865DC2D-F68C-4D5C-A85C-764B69582C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0710D6E-07FF-49D9-82D1-028BF906AF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34040A6F-6C22-4011-A3F3-AD2F38CC468F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D05CB56A-E228-47D0-9FD2-0A0762DD0C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1580499E-7634-4670-AB4C-22418328C2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:substantiation_es:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D7B1682-5E6F-4862-9A60-F73B392B1316",
"versionEndIncluding": "2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tibco:messaging_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C474F07-0141-405F-8531-116C7A5EF5BD",
"versionEndIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el demonio de Rendezvous (rvd), el demonio de Rendezvous Routing (rvrd), el demonio de Rendezvous Secure (rvsd) y el demonio de Rendezvous Secure Routing (rvsrd) en TIBCO Rendezvous anterior a 8.4.2, Messaging Appliance anterior a 8.7.1 y Substation ES anterior a 2.8.1 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-2542",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-08T23:47:28.697",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/101873"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/66737"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030070"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/101873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-2543
Vulnerability from fkie_nvd - Published: 2014-04-08 23:47 - Updated: 2025-04-12 10:46
Severity ?
Summary
Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | rendezvous | * | |
| tibco | rendezvous | 7.4.11 | |
| tibco | rendezvous | 7.5.1 | |
| tibco | rendezvous | 7.5.2 | |
| tibco | rendezvous | 7.5.3 | |
| tibco | rendezvous | 7.5.4 | |
| tibco | rendezvous | 8.2.1 | |
| tibco | rendezvous | 8.3.0 | |
| tibco | rendezvous | 8.3.1 | |
| tibco | rendezvous | 8.10 | |
| tibco | substantiation_es | * | |
| tibco | messaging_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:rendezvous:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81514701-B44C-43C7-B151-2634542726D0",
"versionEndIncluding": "8.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "12892830-2FAA-4C1F-8C9D-B898E84DBAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B20531C-A4CB-4196-AC66-C485CB618858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9498F55F-0862-4F95-A625-632F2579411C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0720B71A-1483-46FE-B88B-E7022A22E895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6865DC2D-F68C-4D5C-A85C-764B69582C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0710D6E-07FF-49D9-82D1-028BF906AF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34040A6F-6C22-4011-A3F3-AD2F38CC468F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D05CB56A-E228-47D0-9FD2-0A0762DD0C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1580499E-7634-4670-AB4C-22418328C2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:substantiation_es:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D7B1682-5E6F-4862-9A60-F73B392B1316",
"versionEndIncluding": "2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tibco:messaging_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C474F07-0141-405F-8531-116C7A5EF5BD",
"versionEndIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en el demonio de Rendezvous (rvd), el demonio de Rendezvous Routing (rvrd), el demonio de Rendezvous Secure (rvsd) y el demonio de Rendezvous Secure Routing (rvsrd) en TIBCO Rendezvous anterior a 8.4.2, Messaging Appliance anterior a 8.7.1 y Substation ES anterior a 2.8.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el aprovechamiento de acceso al cliente conectado directamente y transmitiendo datos manipulados."
}
],
"id": "CVE-2014-2543",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-08T23:47:28.727",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/66744"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030070"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-2541
Vulnerability from fkie_nvd - Published: 2014-04-08 23:47 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | rendezvous | * | |
| tibco | rendezvous | 7.4.11 | |
| tibco | rendezvous | 7.5.1 | |
| tibco | rendezvous | 7.5.2 | |
| tibco | rendezvous | 7.5.3 | |
| tibco | rendezvous | 7.5.4 | |
| tibco | rendezvous | 8.2.1 | |
| tibco | rendezvous | 8.3.0 | |
| tibco | rendezvous | 8.3.1 | |
| tibco | rendezvous | 8.10 | |
| tibco | substantiation_es | * | |
| tibco | messaging_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:rendezvous:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81514701-B44C-43C7-B151-2634542726D0",
"versionEndIncluding": "8.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "12892830-2FAA-4C1F-8C9D-B898E84DBAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B20531C-A4CB-4196-AC66-C485CB618858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9498F55F-0862-4F95-A625-632F2579411C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0720B71A-1483-46FE-B88B-E7022A22E895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6865DC2D-F68C-4D5C-A85C-764B69582C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0710D6E-07FF-49D9-82D1-028BF906AF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34040A6F-6C22-4011-A3F3-AD2F38CC468F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D05CB56A-E228-47D0-9FD2-0A0762DD0C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1580499E-7634-4670-AB4C-22418328C2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:substantiation_es:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D7B1682-5E6F-4862-9A60-F73B392B1316",
"versionEndIncluding": "2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tibco:messaging_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C474F07-0141-405F-8531-116C7A5EF5BD",
"versionEndIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors."
},
{
"lang": "es",
"value": "El demonio de Rendezvous (rvd), el demonio de Rendezvous Routing (rvrd), el demonio de Rendezvous Secure (rvsd) y el demonio de Rendezvous Secure Routing (rvsrd) en TIBCO Rendezvous anterior a 8.4.2, Messaging Appliance anterior a 8.7.1 y Substation ES anterior a 2.8.1 no implementan debidamente control de acceso, lo que permite a atacantes remotos obtener informaci\u00f3n sensible o modificar informaci\u00f3n transmitida a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-2541",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-08T23:47:28.667",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030070"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-0649
Vulnerability from fkie_nvd - Published: 2011-02-04 01:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | rendezvous | 8.2.1 | |
| tibco | rendezvous | 8.3.0 | |
| tibco | enterprise_message_service | 5.1.0 | |
| tibco | enterprise_message_service | 5.1.1 | |
| tibco | enterprise_message_service | 6.0.0 | |
| tibco | runtime_agent | 5.6.2 | |
| tibco | runtime_agent | 5.7.0 | |
| tibco | silver_bpm_service | * | |
| tibco | silver_bpm_service | 1.0.1 | |
| tibco | silver_cap_service | * | |
| tibco | silver_cap_service | 1.0.0 | |
| tibco | silver_businessworks_service | 1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0710D6E-07FF-49D9-82D1-028BF906AF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34040A6F-6C22-4011-A3F3-AD2F38CC468F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:enterprise_message_service:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F468D346-2F24-4110-80B6-5CBD315A2512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:enterprise_message_service:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42F68C2C-7225-4C40-8007-BE7EB1314DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:enterprise_message_service:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74DBD571-4FF4-4BE8-9916-5D377973A9B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFC4B07-1F93-4FAD-BCD9-7F43A4F6EF22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7618B53-911E-4746-B2C2-AD25A369042C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:silver_bpm_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D30468F9-43C5-4DB6-B9E8-B35CB83E84EB",
"versionEndIncluding": "1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:silver_bpm_service:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF339B05-7165-4D1B-BB4B-DB72E7D1A0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:silver_cap_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5658A988-61B8-4B19-A2AA-09305CBD4E3B",
"versionEndIncluding": "1.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:silver_cap_service:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E886566-E2FF-4453-8400-DEE39E3852DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:silver_businessworks_service:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD0099C-BB54-4AEF-AC04-DDF49B335AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en Rendezvous versiones 8.2.1 hasta 8.3.0, Enterprise Message Service (EMS) versiones 5.1.0 hasta 6.0.0, Runtime Agent (TRA) versiones 5.6.2 hasta 5.7.0, Silver BPM Service anterior a versi\u00f3n 1.0.4, Silver CAP Service anterior a versi\u00f3n 1.0.2 y Silver BusinessWorks Service versi\u00f3n 1.0.0, de TIBCO, cuando son ejecutados en sistemas Unix, permiten a los usuarios locales alcanzar privilegios root por medio de vectores desconocidos relacionados con el SUID y (1) Demonio de Enrutamiento de Rendezvous (rvrd), (2) Demonio de Seguridad de Rendezvous (rvsd), (3) Demonio de Enrutamiento de Seguridad de Rendezvous (rvsrd), y (4) Servidor EMS (tibemsd)."
}
],
"evaluatorComment": "Per: http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt\r\n\r\n\u0027TIBCO Rendezvous and EMS components listed above contain a SUID\r\n vulnerability which could potentially grant unauthorized root access\r\n to an attacker on Unix-based systems.\u0027\r\n",
"evaluatorImpact": "Per: http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt\r\n\r\n\u0027On Unix-based systems a successful attack will result in a privilege\r\n escalation to root, granting the attacker full administrative control\r\n of the host.\u0027\r\n",
"id": "CVE-2011-0649",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-04T01:00:08.323",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43160"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43174"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/46104"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1703
Vulnerability from fkie_nvd - Published: 2008-04-11 10:05 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | adapter_files_z_os | * | |
| tibco | hawk | * | |
| tibco | iprocess_engine | 10.3.0 | |
| tibco | iprocess_engine | 10.3.1 | |
| tibco | iprocess_engine | 10.3.2 | |
| tibco | iprocess_engine | 10.3.3 | |
| tibco | iprocess_engine | 10.3.4 | |
| tibco | iprocess_engine | 10.3.5 | |
| tibco | iprocess_engine | 10.4 | |
| tibco | iprocess_engine | 10.4.1 | |
| tibco | iprocess_engine | 10.5 | |
| tibco | iprocess_engine | 10.6 | |
| tibco | iprocess_engine | 10.6.0 | |
| tibco | iprocess_engine | 10.6.1 | |
| tibco | rendezvous | * | |
| tibco | rendezvous_datasecurity | * | |
| tibco | rendezvous_tx | * | |
| tibco | runtime_agent | * | |
| tibco | substantiation_es | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:adapter_files_z_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46E74B55-ED15-4EA1-8AAC-8BB98798A1DC",
"versionEndIncluding": "4.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:hawk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB4C18E-D1AD-4064-949A-D00A2A4B41BC",
"versionEndIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F085498D-67C1-43D2-AAA2-35BA8AF1998E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E90A12B-BEB4-4F51-B4D2-BA0DB127CE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF898A2-46AA-4A79-8D85-2C34174AD44E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B9388D9-CC97-487B-864C-F8FA9BFF7306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "389EDDD9-4EFC-4B11-A3B9-C3BCD8D4DBAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9CCBA1D2-6FDF-4D6F-9316-9B6F3A9BD50A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F45470DC-9C5C-4CBE-8DFD-FE49008A0D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50CFE4BA-00B8-4334-9B67-0A4276F5FCEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "900BB34F-1533-4D53-904D-78E3D6EF3ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "94FDFA30-E50A-4AD1-81F6-39E58DCCC515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6D5769-8FE2-4923-94EE-92619D8D086A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C714C-91B8-4665-B9BD-699BE318EDA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17CFBB43-82E9-4E7F-938C-B11B6425D3DC",
"versionEndIncluding": "8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous_datasecurity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "413BBA07-5D7E-4E2F-9D1D-E26E2511FE74",
"versionEndIncluding": "2.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous_tx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0E28E2-852E-4872-BED1-C17BE83DC75B",
"versionEndIncluding": "2.04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F939E999-5F16-430E-B960-965C25576D10",
"versionEndIncluding": "5.5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:substantiation_es:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8B1410-F4D3-475E-AF5B-BFBDBD0982DF",
"versionEndIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en TIBCO Software Rendezvous anterior a 8.1.0., utilizado en m\u00faltiples productos TIBCO,permitena atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un mensaje manipulado."
}
],
"id": "CVE-2008-1703",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-11T10:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29774"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/44269"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28717"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019826"
},
{
"source": "cve@mitre.org",
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/44269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4159
Vulnerability from fkie_nvd - Published: 2007-08-03 21:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | rendezvous | 7.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9498F55F-0862-4F95-A625-632F2579411C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request."
},
{
"lang": "es",
"value": "index.html de la interfaz de administraci\u00f3n HTTP en determinados demonios de TIBCO Rendezvous (RV) 7.5.2 permite a atacantes remotos obtener informaci\u00f3n sensible, tal como un nombre de usuario y direcciones IP, mediante una petici\u00f3n directa."
}
],
"id": "CVE-2007-4159",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-03T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46993"
},
{
"source": "cve@mitre.org",
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018512"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4161
Vulnerability from fkie_nvd - Published: 2007-08-03 21:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | rendezvous | 7.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9498F55F-0862-4F95-A625-632F2579411C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) \u0027*\u0027 (asterisk) or (2) \u0027\u003e\u0027 (greater than) wildcard character."
},
{
"lang": "es",
"value": "rvd en TIBCO Rendezvous (RV) 7.5.2, cuando se omite -no-lead-wc, podr\u00eda permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (inestabilidad de red) a trav\u00e9s de un nombre de asunto con un car\u00e1cter comod\u00edn principal (1) \u0027*\u0027 (asterisco) o (2) \u0027\u003e\u0027 (mayor que)."
}
],
"id": "CVE-2007-4161",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-03T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37681"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26337"
},
{
"source": "cve@mitre.org",
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018512"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2814"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-28818 (GCVE-0-2021-28818)
Vulnerability from cvelistv5 – Published: 2021-03-23 20:15 – Updated: 2024-09-17 00:55
VLAI?
Title
TIBCO Rendezvous Windows Platform Artifact Search vulnerability
Summary
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Rendezvous |
Affected:
unspecified , ≤ 8.5.1
(custom)
|
|||||||
|
|||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Rendezvous",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T20:15:22",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Rendezvous Windows Platform Artifact Search vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-03-23T17:00:00Z",
"ID": "CVE-2021-28818",
"STATE": "PUBLIC",
"TITLE": "TIBCO Rendezvous Windows Platform Artifact Search vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Rendezvous",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Developer Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-28818",
"datePublished": "2021-03-23T20:15:22.158888Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-17T00:55:50.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28817 (GCVE-0-2021-28817)
Vulnerability from cvelistv5 – Published: 2021-03-23 20:15 – Updated: 2024-09-17 00:51
VLAI?
Title
TIBCO Rendezvous Windows Platform Installation vulnerability
Summary
The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Rendezvous |
Affected:
unspecified , ≤ 8.5.1
(custom)
|
|||||||
|
|||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Rendezvous",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T20:15:21",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Rendezvous Windows Platform Installation vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-03-23T17:00:00Z",
"ID": "CVE-2021-28817",
"STATE": "PUBLIC",
"TITLE": "TIBCO Rendezvous Windows Platform Installation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Rendezvous",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Developer Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-28817",
"datePublished": "2021-03-23T20:15:21.477625Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-17T00:51:51.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12414 (GCVE-0-2018-12414)
Vulnerability from cvelistv5 – Published: 2018-11-07 00:00 – Updated: 2024-09-16 21:04
VLAI?
Title
TIBCO Rendezvous Vulnerable to CSRF Attacks
Summary
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2.
Severity ?
7.5 (High)
CWE
- The impact of these vulnerabilities includes the theoretical possibility of reconfiguring all messaging handled by TIBCO Rendezvous (RV). With such access, the attacker might also be able to gain access to all data sent via RV.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Rendezvous |
Affected:
unspecified , ≤ 8.4.5
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105871"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Rendezvous",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous for z/OS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Network Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Substation ES",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "2.12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.\u0027s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of these vulnerabilities includes the theoretical possibility of reconfiguring all messaging handled by TIBCO Rendezvous (RV). With such access, the attacker might also be able to gain access to all data sent via RV.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-10T10:57:02",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"name": "105871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105871"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Rendezvous versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Developer Edition versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/Linux versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/OS versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Network Server versions 1.1.2 and below update to version 1.1.3 or higher\nTIBCO Substation ES versions 2.12.0 and below update to version 2.12.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Rendezvous Vulnerable to CSRF Attacks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-11-06T17:00:00.000Z",
"ID": "CVE-2018-12414",
"STATE": "PUBLIC",
"TITLE": "TIBCO Rendezvous Vulnerable to CSRF Attacks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Rendezvous",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Developer Edition",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous for z/Linux",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous for z/OS",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Network Server",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "1.1.2"
}
]
}
},
{
"product_name": "TIBCO Substation ES",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "2.12.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.\u0027s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of these vulnerabilities includes the theoretical possibility of reconfiguring all messaging handled by TIBCO Rendezvous (RV). With such access, the attacker might also be able to gain access to all data sent via RV."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105871"
},
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Rendezvous versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Developer Edition versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/Linux versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/OS versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Network Server versions 1.1.2 and below update to version 1.1.3 or higher\nTIBCO Substation ES versions 2.12.0 and below update to version 2.12.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-12414",
"datePublished": "2018-11-07T00:00:00Z",
"dateReserved": "2018-06-14T00:00:00",
"dateUpdated": "2024-09-16T21:04:22.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4555 (GCVE-0-2015-4555)
Vulnerability from cvelistv5 – Published: 2015-08-30 14:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033677",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033677"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1033677",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033677"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033677",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033677"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4555",
"datePublished": "2015-08-30T14:00:00",
"dateReserved": "2015-06-14T00:00:00",
"dateUpdated": "2024-08-06T06:18:12.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2542 (GCVE-0-2014-2542)
Vulnerability from cvelistv5 – Published: 2014-04-08 17:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66737"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030070"
},
{
"name": "101873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101873"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-18T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66737"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030070"
},
{
"name": "101873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101873"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66737"
},
{
"name": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030070"
},
{
"name": "101873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101873"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2542",
"datePublished": "2014-04-08T17:00:00",
"dateReserved": "2014-03-18T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2543 (GCVE-0-2014-2543)
Vulnerability from cvelistv5 – Published: 2014-04-08 17:00 – Updated: 2024-08-06 10:21
VLAI?
Summary
Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:35.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "66744",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66744"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-14T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "66744",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66744"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "66744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66744"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2543",
"datePublished": "2014-04-08T17:00:00",
"dateReserved": "2014-03-18T00:00:00",
"dateUpdated": "2024-08-06T10:21:35.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2541 (GCVE-0-2014-2541)
Vulnerability from cvelistv5 – Published: 2014-04-08 17:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-14T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2541",
"datePublished": "2014-04-08T17:00:00",
"dateReserved": "2014-03-18T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0649 (GCVE-0-2011-0649)
Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 21:58
VLAI?
Summary
Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:26.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"name": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0649",
"datePublished": "2011-02-04T00:00:00",
"dateReserved": "2011-01-25T00:00:00",
"dateUpdated": "2024-08-06T21:58:26.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1703 (GCVE-0-2008-1703)
Vulnerability from cvelistv5 – Published: 2008-04-11 10:00 – Updated: 2024-08-07 08:32
VLAI?
Summary
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1703",
"datePublished": "2008-04-11T10:00:00",
"dateReserved": "2008-04-08T00:00:00",
"dateUpdated": "2024-08-07T08:32:01.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28818 (GCVE-0-2021-28818)
Vulnerability from nvd – Published: 2021-03-23 20:15 – Updated: 2024-09-17 00:55
VLAI?
Title
TIBCO Rendezvous Windows Platform Artifact Search vulnerability
Summary
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Rendezvous |
Affected:
unspecified , ≤ 8.5.1
(custom)
|
|||||||
|
|||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Rendezvous",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T20:15:22",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Rendezvous Windows Platform Artifact Search vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-03-23T17:00:00Z",
"ID": "CVE-2021-28818",
"STATE": "PUBLIC",
"TITLE": "TIBCO Rendezvous Windows Platform Artifact Search vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Rendezvous",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Developer Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-28818",
"datePublished": "2021-03-23T20:15:22.158888Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-17T00:55:50.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28817 (GCVE-0-2021-28817)
Vulnerability from nvd – Published: 2021-03-23 20:15 – Updated: 2024-09-17 00:51
VLAI?
Title
TIBCO Rendezvous Windows Platform Installation vulnerability
Summary
The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Rendezvous |
Affected:
unspecified , ≤ 8.5.1
(custom)
|
|||||||
|
|||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Rendezvous",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T20:15:21",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Rendezvous Windows Platform Installation vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-03-23T17:00:00Z",
"ID": "CVE-2021-28817",
"STATE": "PUBLIC",
"TITLE": "TIBCO Rendezvous Windows Platform Installation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Rendezvous",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Developer Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-28817",
"datePublished": "2021-03-23T20:15:21.477625Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-17T00:51:51.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12414 (GCVE-0-2018-12414)
Vulnerability from nvd – Published: 2018-11-07 00:00 – Updated: 2024-09-16 21:04
VLAI?
Title
TIBCO Rendezvous Vulnerable to CSRF Attacks
Summary
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2.
Severity ?
7.5 (High)
CWE
- The impact of these vulnerabilities includes the theoretical possibility of reconfiguring all messaging handled by TIBCO Rendezvous (RV). With such access, the attacker might also be able to gain access to all data sent via RV.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Rendezvous |
Affected:
unspecified , ≤ 8.4.5
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105871"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Rendezvous",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous for z/OS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.4.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Rendezvous Network Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Substation ES",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "2.12.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.\u0027s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of these vulnerabilities includes the theoretical possibility of reconfiguring all messaging handled by TIBCO Rendezvous (RV). With such access, the attacker might also be able to gain access to all data sent via RV.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-10T10:57:02",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"name": "105871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105871"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Rendezvous versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Developer Edition versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/Linux versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/OS versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Network Server versions 1.1.2 and below update to version 1.1.3 or higher\nTIBCO Substation ES versions 2.12.0 and below update to version 2.12.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Rendezvous Vulnerable to CSRF Attacks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-11-06T17:00:00.000Z",
"ID": "CVE-2018-12414",
"STATE": "PUBLIC",
"TITLE": "TIBCO Rendezvous Vulnerable to CSRF Attacks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Rendezvous",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Developer Edition",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous for z/Linux",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous for z/OS",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "8.4.5"
}
]
}
},
{
"product_name": "TIBCO Rendezvous Network Server",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "1.1.2"
}
]
}
},
{
"product_name": "TIBCO Substation ES",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "2.12.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.\u0027s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of these vulnerabilities includes the theoretical possibility of reconfiguring all messaging handled by TIBCO Rendezvous (RV). With such access, the attacker might also be able to gain access to all data sent via RV."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105871"
},
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Rendezvous versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Developer Edition versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/Linux versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/OS versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Network Server versions 1.1.2 and below update to version 1.1.3 or higher\nTIBCO Substation ES versions 2.12.0 and below update to version 2.12.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-12414",
"datePublished": "2018-11-07T00:00:00Z",
"dateReserved": "2018-06-14T00:00:00",
"dateUpdated": "2024-09-16T21:04:22.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4555 (GCVE-0-2015-4555)
Vulnerability from nvd – Published: 2015-08-30 14:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033677",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033677"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1033677",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033677"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033677",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033677"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4555",
"datePublished": "2015-08-30T14:00:00",
"dateReserved": "2015-06-14T00:00:00",
"dateUpdated": "2024-08-06T06:18:12.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2542 (GCVE-0-2014-2542)
Vulnerability from nvd – Published: 2014-04-08 17:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66737"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030070"
},
{
"name": "101873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101873"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-18T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66737"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030070"
},
{
"name": "101873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101873"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66737"
},
{
"name": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030070"
},
{
"name": "101873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101873"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2542",
"datePublished": "2014-04-08T17:00:00",
"dateReserved": "2014-03-18T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2543 (GCVE-0-2014-2543)
Vulnerability from nvd – Published: 2014-04-08 17:00 – Updated: 2024-08-06 10:21
VLAI?
Summary
Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:35.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "66744",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66744"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-14T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "66744",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66744"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "66744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66744"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2543",
"datePublished": "2014-04-08T17:00:00",
"dateReserved": "2014-03-18T00:00:00",
"dateUpdated": "2024-08-06T10:21:35.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2541 (GCVE-0-2014-2541)
Vulnerability from nvd – Published: 2014-04-08 17:00 – Updated: 2024-08-06 10:14
VLAI?
Summary
The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-14T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1030070",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2541",
"datePublished": "2014-04-08T17:00:00",
"dateReserved": "2014-03-18T00:00:00",
"dateUpdated": "2024-08-06T10:14:26.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0649 (GCVE-0-2011-0649)
Vulnerability from nvd – Published: 2011-02-04 00:00 – Updated: 2024-08-06 21:58
VLAI?
Summary
Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:26.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"name": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0649",
"datePublished": "2011-02-04T00:00:00",
"dateReserved": "2011-01-25T00:00:00",
"dateUpdated": "2024-08-06T21:58:26.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1703 (GCVE-0-2008-1703)
Vulnerability from nvd – Published: 2008-04-11 10:00 – Updated: 2024-08-07 08:32
VLAI?
Summary
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1703",
"datePublished": "2008-04-11T10:00:00",
"dateReserved": "2008-04-08T00:00:00",
"dateUpdated": "2024-08-07T08:32:01.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}