TIBCO Security Advisory: March 23, 2021 - TIBCO Enterprise Message Service -2021-28822
TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability Original release date: March 23, 2021 Last revised: CVE-2021-28822 Source: TIBCO Software Inc. Products Affected TIBCO Enterprise Message Service versions 8.5.1 and below TIBCO Enterprise Message Service - Community...
TIBCO Security Advisory: March 23, 2021 - TIBCO Enterprise Message Service -2021-28821
TIBCO Enterprise Message Service Windows Platform Installation vulnerability Original release date: March 23, 2021 Last revised: CVE-2021-28821 Source: TIBCO Software Inc. Products Affected TIBCO Enterprise Message Service versions 8.5.1 and below TIBCO Enterprise Message Service - Community Editi...
[SECURITY] [DLA 2583-1] activemq security update
Debian LTS Advisory DLA-2583-1 https://www.debian.org/lts/security/ Abhijith PA March 05, 2021 https://wiki.debian.org/LTS ...
wildfly: resource adapter logs plaintext JMS password at warning level on connection error
A flaw was found in WildFly. JMS passwords are logged by the resource adapter in plain text at the warning level when a connection error occurs, allowing any user who has access to the log to gain access to this sensitive information. The highest threat from this vulnerability is to data...
PT-2020-16144 · Red Hat · Wildfly
Name of the Vulnerable Software and Affected Versions: WildFly versions prior to 21.0.0.Final Description: A flaw was discovered in WildFly where the resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file. Recommendation...
ALEOS Buffer Overflow Vulnerability
ALEOS is an integrated development environment for building customized embedded M2M applications. A buffer overflow vulnerability exists in the SMS Handler API in ALEOS versions prior to 4.13.0, 4.9.5, and 4.4.9, which can be exploited by an attacker to execute code as root...
Vocational College Smart Campus Platform Has Logic Flaw Vulnerabilities
Vocational College Smart Campus Platform is a fully integrated large-scale application system for the management and teaching business characteristics of vocational colleges and universities, providing an integrated solution covering enrollment and employment, teaching and learning, student...
CVE-2019-8553
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2. Clicking a malicious SMS link may lead to arbitrary code execution...
CVE-2019-1747
A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper...
CVE-2018-12415 TIBCO Enterprise Message Service Vulnerable to CSRF Attacks
The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site...
CVE-2018-12415
The CVE-2018-12415 entry describes a CSRF vulnerability in the Central Administration server (emsca) used by TIBCO EMS, including EMS 8.4.0 and earlier across the standard, Community, and Developer editions. Root cause: CSRF vulnerability in the emsca component could theoretically allow an attack...
CVE-2018-12415
The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site...
Cross-site request forgery (CSRF)
The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site...
CVE-2018-9362
In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...
CVE-2017-17175
The Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with versions before LON-AL00B 8.0.0.354C00 has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone, causing the mobile phone...
Security Bulletin: IBM Tivoli Netcool Impact affected by OpenSource Apache ActiveMQ Vulnerability (CVE-2015-5254)
Summary IBM Tivoli Netcool Impact has addressed the OpenSource Apache ActiveMQ Vulnerability. Vulnerability Details CVEID: CVE-2015-5254 DESCRIPTION: Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the classes that can be...
Security Bulletin: OpenSource Apache ActiveMQ Vulnerability identified with Jazz for Service Management (JazzSM) v1.1.3 (CVE-2015-5254)
Summary OpenSource Apache ActiveMQ Vulnerability identified with Jazz for Service Management v1.1.3 Vulnerability Details CVEID: CVE-2015-5254 DESCRIPTION: Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the classes that can...
Artemis: Deserialization of untrusted input vulnerability
It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...