CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
94.4%
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.
Vendor | Product | Version | CPE |
---|---|---|---|
tibco | rtworks | * | cpe:2.3:a:tibco:rtworks:*:*:*:*:*:*:*:* |
tibco | smartsockets_rtserver | * | cpe:2.3:a:tibco:smartsockets_rtserver:*:*:*:*:*:*:*:* |
tibco | ems_server | * | cpe:2.3:h:tibco:ems_server:*:*:*:*:*:*:*:* |
tibco | enterprise_message_service | * | cpe:2.3:a:tibco:enterprise_message_service:*:*:*:*:*:*:*:* |
labs.idefense.com/intelligence/vulnerabilities/display.php?id=639
secunia.com/advisories/28490
securitytracker.com/id?1019193
www.securityfocus.com/bid/27292
www.tibco.com/mk/advisory.jsp
www.tibco.com/resources/mk/ems_security_advisory_20080115.txt
www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt
www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt
www.vupen.com/english/advisories/2008/0173
exchange.xforce.ibmcloud.com/vulnerabilities/39705