Lucene search

MitreCVE-2008-1704

HistoryApr 11, 2008 - 10:05 a.m.

CVE-2008-1704

2008-04-1110:05:00

CWE-119

mitre

web.nvd.nist.gov

cve-2008-1704

tibco software

enterprise message service

ems

iprocess engine

buffer overflow

remote code execution

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.081

Percentile

94.4%

JSON

Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server.

Affected configurations

Nvd

Node

tibcoenterprise_message_serviceRange≤4.4.2

tibcoenterprise_message_serviceMatch4.0.0

tibcoenterprise_message_serviceMatch4.1.0

tibcoenterprise_message_serviceMatch4.2.0

tibcoenterprise_message_serviceMatch4.3.0

tibcoenterprise_message_serviceMatch4.4.0

tibcoenterprise_message_serviceMatch4.4.1

tibcoiprocess_engineMatch10.6.0

tibcoiprocess_engineMatch10.6.1

VendorProductVersionCPE
tibcoenterprise_message_service*cpe:2.3:a:tibco:enterprise_message_service:*:*:*:*:*:*:*:*
tibcoenterprise_message_service4.0.0cpe:2.3:a:tibco:enterprise_message_service:4.0.0:*:*:*:*:*:*:*
tibcoenterprise_message_service4.1.0cpe:2.3:a:tibco:enterprise_message_service:4.1.0:*:*:*:*:*:*:*
tibcoenterprise_message_service4.2.0cpe:2.3:a:tibco:enterprise_message_service:4.2.0:*:*:*:*:*:*:*
tibcoenterprise_message_service4.3.0cpe:2.3:a:tibco:enterprise_message_service:4.3.0:*:*:*:*:*:*:*
tibcoenterprise_message_service4.4.0cpe:2.3:a:tibco:enterprise_message_service:4.4.0:*:*:*:*:*:*:*
tibcoenterprise_message_service4.4.1cpe:2.3:a:tibco:enterprise_message_service:4.4.1:*:*:*:*:*:*:*
tibcoiprocess_engine10.6.0cpe:2.3:a:tibco:iprocess_engine:10.6.0:*:*:*:*:*:*:*
tibcoiprocess_engine10.6.1cpe:2.3:a:tibco:iprocess_engine:10.6.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tibco	enterprise_message_service	*	cpe:2.3:a:tibco:enterprise_message_service::::::::
tibco	enterprise_message_service	4.0.0	cpe:2.3:a:tibco:enterprise_message_service:4.0.0:::::::*
tibco	enterprise_message_service	4.1.0	cpe:2.3:a:tibco:enterprise_message_service:4.1.0:::::::*
tibco	enterprise_message_service	4.2.0	cpe:2.3:a:tibco:enterprise_message_service:4.2.0:::::::*
tibco	enterprise_message_service	4.3.0	cpe:2.3:a:tibco:enterprise_message_service:4.3.0:::::::*
tibco	enterprise_message_service	4.4.0	cpe:2.3:a:tibco:enterprise_message_service:4.4.0:::::::*
tibco	enterprise_message_service	4.4.1	cpe:2.3:a:tibco:enterprise_message_service:4.4.1:::::::*
tibco	iprocess_engine	10.6.0	cpe:2.3:a:tibco:iprocess_engine:10.6.0:::::::*
tibco	iprocess_engine	10.6.1	cpe:2.3:a:tibco:iprocess_engine:10.6.1:::::::*

References

secunia.com/advisories/29775

www.securityfocus.com/bid/28717

www.securitytracker.com/id?1019826

www.tibco.com/resources/mk/ems_security_advisory_20080409.txt

www.vupen.com/english/advisories/2008/1190/references

exchange.xforce.ibmcloud.com/vulnerabilities/41761

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.081

Percentile

94.4%

JSON

Related for CVE-2008-1704