CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
92.9%
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory.
Vendor | Product | Version | CPE |
---|---|---|---|
tibco | enterprise_message_service | 4.0.0 | cpe:2.3:a:tibco:enterprise_message_service:4.0.0:*:*:*:*:*:*:* |
tibco | enterprise_message_service | 4.1.0 | cpe:2.3:a:tibco:enterprise_message_service:4.1.0:*:*:*:*:*:*:* |
tibco | enterprise_message_service | 4.2.0 | cpe:2.3:a:tibco:enterprise_message_service:4.2.0:*:*:*:*:*:*:* |
tibco | enterprise_message_service | 4.3.0 | cpe:2.3:a:tibco:enterprise_message_service:4.3.0:*:*:*:*:*:*:* |
tibco | enterprise_message_service | 4.4.0 | cpe:2.3:a:tibco:enterprise_message_service:4.4.0:*:*:*:*:*:*:* |
tibco | enterprise_message_service | 4.4.1 | cpe:2.3:a:tibco:enterprise_message_service:4.4.1:*:*:*:*:*:*:* |
tibco | rtworks | * | cpe:2.3:a:tibco:rtworks:*:*:*:*:*:*:*:* |
tibco | smartsockets_rtserver | * | cpe:2.3:a:tibco:smartsockets_rtserver:*:*:*:*:*:*:*:* |
labs.idefense.com/intelligence/vulnerabilities/display.php?id=641
secunia.com/advisories/28490
securitytracker.com/id?1019193
www.securityfocus.com/bid/27293
www.tibco.com/mk/advisory.jsp
www.tibco.com/resources/mk/ems_security_advisory_20080115.txt
www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt
www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt
www.vupen.com/english/advisories/2008/0173
exchange.xforce.ibmcloud.com/vulnerabilities/39708