Vulnerability CVE-2008-1703


Published: 2008-04-11   Modified: 2012-02-12

Description:
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Tibco
Product: Rendezvous 
Version: 8.10;
Product: Runtime agent 
Version: 5.5.4;
Product: HAWK 
Version: 4.8.0;
Product: Adapter files z os 
Version: 4.4.1;
Product: Substantiation es 
Version: 2.4.0;
Product: Rendezvous datasecurity 
Version: 2.1.6;
Product: Rendezvous tx 
Version: 2.04;
Product: Iprocess engine 
Version:
10.6.1
10.6.0
10.6
10.5
10.4.1
10.4
10.3.5
10.3.4
10.3.3
10.3.2
10.3.1
10.3.0

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

 References:
http://xforce.iss.net/xforce/xfdb/41760
http://www.vupen.com/english/advisories/2008/1190/references
http://www.vupen.com/english/advisories/2008/1189/references
http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt
http://www.securitytracker.com/id?1019826
http://www.securityfocus.com/bid/28717
http://www.osvdb.org/44269
http://secunia.com/advisories/29774

Related CVE
CVE-2019-11212
The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TI...
CVE-2019-11211
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code e...
CVE-2019-11210
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access contr...
CVE-2019-11209
The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affect...
CVE-2019-11207
The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XS...
CVE-2019-11208
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to pot...
CVE-2019-11206
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and boo...
CVE-2019-11205
The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are T...

Copyright 2019, cxsecurity.com

 
