27 vulnerabilities found for runtime_agent by tibco
FKIE_CVE-2023-26219
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:50
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.
References
| Source | URL | Tags |
|---|---|---|
| security@tibco.com | https://www.tibco.com/services/support/advisories | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tibco.com/services/support/advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | hawk | * | |
| tibco | hawk_distribution_for_tibco_silver_fabric | * | |
| tibco | operational_intelligence_hawk_redtail | * | |
| tibco | runtime_agent | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:hawk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70ED7033-C96D-4814-9164-DC348E84CFE0",
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:hawk_distribution_for_tibco_silver_fabric:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE1AEFA-F6B8-4F8C-A206-173615F3DB6B",
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:operational_intelligence_hawk_redtail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDD911A-77F3-49EC-9C00-40A502D6E5CF",
"versionEndExcluding": "7.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "327E3ACF-96C9-475F-96A7-07F951A926CC",
"versionEndExcluding": "5.12.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Hawk Console and Hawk Agent components of TIBCO Software Inc.\u0027s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console\u2019s and Agent\u2019s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.\u0027s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.\n\n"
},
{
"lang": "es",
"value": "Los componentes Hawk Console y Hawk Agent de TIBCO Hawk de TIBCO Software Inc., TIBCO Hawk Distribution para TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail y TIBCO Runtime Agent contienen una vulnerabilidad que te\u00f3ricamente permite a un atacante acceder al log de Hawk Console y Hawk Agent para obtener las credenciales utilizadas para acceder a los servidores EMS asociados. Las versiones afectadas son TIBCO Hawk de TIBCO Software Inc.: versiones 6.2.2 y siguientes, TIBCO Hawk Distribution para TIBCO Silver Fabric: versiones 6.2.2 y siguientes, TIBCO Operational Intelligence Hawk RedTail: versiones 7.2.1 y siguientes y TIBCO Runtime Agente: versiones 5.12.2 y anteriores."
}
],
"id": "CVE-2023-26219",
"lastModified": "2024-11-21T07:50:56.447",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:25.143",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28827
Vulnerability from fkie_nvd - Published: 2021-04-20 19:15 - Updated: 2024-11-21 06:00
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent: versions 5.10.2 and below, TIBCO Runtime Agent: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent for z/Linux: versions 5.10.2 and below, and TIBCO Runtime Agent for z/Linux: versions 5.11.0 and 5.11.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | administrator | * | |
| tibco | administrator | * | |
| tibco | administrator | * | |
| tibco | administrator | 5.11.0 | |
| tibco | administrator | 5.11.0 | |
| tibco | administrator | 5.11.0 | |
| tibco | administrator | 5.11.1 | |
| tibco | administrator | 5.11.1 | |
| tibco | administrator | 5.11.1 | |
| tibco | runtime_agent | * | |
| tibco | runtime_agent | * | |
| tibco | runtime_agent | 5.11.0 | |
| tibco | runtime_agent | 5.11.0 | |
| tibco | runtime_agent | 5.11.1 | |
| tibco | runtime_agent | 5.11.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:administrator:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CCCCD52B-6905-41BD-83D9-A4B800E76BAB",
"versionEndIncluding": "5.10.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:administrator:*:*:*:*:enterprise:silver_fabric:*:*",
"matchCriteriaId": "CF92E468-2FFA-4F3E-BC61-CFFC059627D9",
"versionEndIncluding": "5.10.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:administrator:*:*:*:*:enterprise:z\\/linux:*:*",
"matchCriteriaId": "DA9D9C2C-1FCE-45E1-AB7A-9586C25A8969",
"versionEndIncluding": "5.10.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:administrator:5.11.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C9291FEA-0386-42EF-94A6-20E599171D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:administrator:5.11.0:*:*:*:enterprise:silver_fabric:*:*",
"matchCriteriaId": "EF42B5B6-2CCD-4124-8DAB-252912F413A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:administrator:5.11.0:*:*:*:enterprise:z\\/linux:*:*",
"matchCriteriaId": "A9D79741-41D8-44E7-9CD7-D3DEFE98CF57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:administrator:5.11.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CE3C501F-2CEB-4300-9430-E2AB43009E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:administrator:5.11.1:*:*:*:enterprise:silver_fabric:*:*",
"matchCriteriaId": "CC01905D-D082-4EDF-BF82-FB69ED80664A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:administrator:5.11.1:*:*:*:enterprise:z\\/linux:*:*",
"matchCriteriaId": "CC640410-CCFC-4B10-AF30-157F60ABF751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71C3F347-702D-4D65-BDCC-7AC931C6736C",
"versionEndIncluding": "5.10.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:*:*:*:*:*:z\\/linux:*:*",
"matchCriteriaId": "FCAFA333-6F13-48A0-8F08-4479AB3A9DDF",
"versionEndIncluding": "5.10.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0EB030-30DA-47D4-B504-0D7C4BE71D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.11.0:*:*:*:*:z\\/linux:*:*",
"matchCriteriaId": "4EA0CB29-1E8E-454A-9801-065543A1C772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC7BD88-60FE-4855-9E2C-D45E09E10C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.11.1:*:*:*:*:z\\/linux:*:*",
"matchCriteriaId": "4D588876-1E36-44BE-BFAC-76E1EDC7D771",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Administration GUI component of TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent: versions 5.10.2 and below, TIBCO Runtime Agent: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent for z/Linux: versions 5.10.2 and below, and TIBCO Runtime Agent for z/Linux: versions 5.11.0 and 5.11.1."
},
{
"lang": "es",
"value": "El componente GUI de Administraci\u00f3n de TIBCO Administrator - Enterprise Edition., TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution para TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution para TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition para z/Linux, TIBCO Administrator - Enterprise Edition para z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent para z/Linux y TIBCO Runtime Agent para z/Linux de TIBCO Inc, contiene una vulnerabilidad f\u00e1cilmente explotable que permite a un atacante no autenticado hacer ingenier\u00eda social a un usuario leg\u00edtimo con acceso a la red para ejecutar un ataque de tipo XSS Almacenado dirigido al sistema afectado.\u0026#xa0;Un ataque con \u00e9xito que utilice esta vulnerabilidad requiere una interacci\u00f3n humana de una persona diferente del atacante. Las versiones afectadas son: TIBCO Administrator - Enterprise Edition: versiones 5.10.2 y por debajo, TIBCO Administrator - Enterprise Edition: versiones 5.11.0 y 5.11.1, TIBCO Administrator - Enterprise Edition Distribution para TIBCO Silver Fabric: versiones 5.10.2 y por debajo, TIBCO Administrator - Enterprise Edition Distribution para TIBCO Silver Fabric: versiones 5.11.0 y 5.11.1, TIBCO Administrator - Enterprise Edition para z/Linux: versiones 5.10.2 y por debajo, TIBCO Administrator - Enterprise Edition para z/Linux: versiones 5.11.0 y 5.11.1, TIBCO Runtime Agent: versiones 5.10.2 y por debajo, TIBCO Runtime Agent: versiones 5.11.0 y 5.11.1, TIBCO Runtime Agent para z/Linux: versiones 5.10.2 y por debajo, y TIBCO Runtime Agent para z/Linux: versiones 5.11.0 y 5.11.1, de TIBCO Software Inc"
}
],
"id": "CVE-2021-28827",
"lastModified": "2024-11-21T06:00:16.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-20T19:15:09.537",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28827"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-5434
Vulnerability from fkie_nvd - Published: 2018-06-13 13:29 - Updated: 2024-11-21 04:08
Severity ?
5.8 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1.
References
| Source | URL | Tags |
|---|---|---|
| security@tibco.com | http://www.securityfocus.com/bid/104454 | Third Party Advisory, VDB Entry |
| security@tibco.com | https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-runtime-agent-2018-5434 | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104454 | Third Party Advisory, VDB Entry |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-runtime-agent-2018-5434 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | runtime_agent | * | |
| tibco | runtime_agent | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:*:*:*:*:*:linux_kernel:*:*",
"matchCriteriaId": "0A802CB6-1598-4B66-BD9B-62B8A09FB4F0",
"versionEndIncluding": "5.9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDBDB18-32A4-450E-B20C-2463B97BE9DD",
"versionEndIncluding": "5.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Designer component of TIBCO Software Inc.\u0027s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.\u0027s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1."
},
{
"lang": "es",
"value": "El componente TIBCO Designer de TIBCO Runtime Agent y TIBCO Runtime Agent para z/Linux, de TIBCO Software Inc., contiene vulnerabilidades por las que un usuario malicioso podr\u00eda realizar ataques de XEE (XML External Entity) para revelar informaci\u00f3n de la m\u00e1quina host. Las versiones afectadas de los productos de TIBCO Software Inc. son TIBCO Runtime Agent: hasta e incluyendo la versi\u00f3n 5.10.0 y TIBCO Runtime Agent para z/Linux: hasta e incluyendo la versi\u00f3n 5.9.1."
}
],
"id": "CVE-2018-5434",
"lastModified": "2024-11-21T04:08:47.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 4.0,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-13T13:29:00.517",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104454"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-runtime-agent-2018-5434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-runtime-agent-2018-5434"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-0649
Vulnerability from fkie_nvd - Published: 2011-02-04 01:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service before 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | rendezvous | 8.2.1 | |
| tibco | rendezvous | 8.3.0 | |
| tibco | enterprise_message_service | 5.1.0 | |
| tibco | enterprise_message_service | 5.1.1 | |
| tibco | enterprise_message_service | 6.0.0 | |
| tibco | runtime_agent | 5.6.2 | |
| tibco | runtime_agent | 5.7.0 | |
| tibco | silver_bpm_service | * | |
| tibco | silver_bpm_service | 1.0.1 | |
| tibco | silver_cap_service | * | |
| tibco | silver_cap_service | 1.0.0 | |
| tibco | silver_businessworks_service | 1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0710D6E-07FF-49D9-82D1-028BF906AF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:8.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34040A6F-6C22-4011-A3F3-AD2F38CC468F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:enterprise_message_service:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F468D346-2F24-4110-80B6-5CBD315A2512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:enterprise_message_service:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42F68C2C-7225-4C40-8007-BE7EB1314DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:enterprise_message_service:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74DBD571-4FF4-4BE8-9916-5D377973A9B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFC4B07-1F93-4FAD-BCD9-7F43A4F6EF22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7618B53-911E-4746-B2C2-AD25A369042C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:silver_bpm_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D30468F9-43C5-4DB6-B9E8-B35CB83E84EB",
"versionEndIncluding": "1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:silver_bpm_service:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF339B05-7165-4D1B-BB4B-DB72E7D1A0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:silver_cap_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5658A988-61B8-4B19-A2AA-09305CBD4E3B",
"versionEndIncluding": "1.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:silver_cap_service:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E886566-E2FF-4453-8400-DEE39E3852DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:silver_businessworks_service:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD0099C-BB54-4AEF-AC04-DDF49B335AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en Rendezvous versiones 8.2.1 hasta 8.3.0, Enterprise Message Service (EMS) versiones 5.1.0 hasta 6.0.0, Runtime Agent (TRA) versiones 5.6.2 hasta 5.7.0, Silver BPM Service anterior a versi\u00f3n 1.0.4, Silver CAP Service anterior a versi\u00f3n 1.0.2 y Silver BusinessWorks Service versi\u00f3n 1.0.0, de TIBCO, cuando son ejecutados en sistemas Unix, permiten a los usuarios locales alcanzar privilegios root por medio de vectores desconocidos relacionados con el SUID y (1) Demonio de Enrutamiento de Rendezvous (rvrd), (2) Demonio de Seguridad de Rendezvous (rvsd), (3) Demonio de Enrutamiento de Seguridad de Rendezvous (rvsrd), y (4) Servidor EMS (tibemsd)."
}
],
"evaluatorComment": "Per: http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt\r\n\r\n\u0027TIBCO Rendezvous and EMS components listed above contain a SUID\r\n vulnerability which could potentially grant unauthorized root access\r\n to an attacker on Unix-based systems.\u0027\r\n",
"evaluatorImpact": "Per: http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt\r\n\r\n\u0027On Unix-based systems a successful attack will result in a privilege\r\n escalation to root, granting the attacker full administrative control\r\n of the host.\u0027\r\n",
"id": "CVE-2011-0649",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-04T01:00:08.323",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43160"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43174"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/46104"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-0184
Vulnerability from fkie_nvd - Published: 2010-01-14 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | runtime_agent | * | |
| tibco | runtime_agent | 5.4.0 | |
| tibco | runtime_agent | 5.5.3 | |
| tibco | runtime_agent | 5.5.4 | |
| tibco | runtime_agent | 5.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB0D5A21-4A21-4DFF-9549-109039252387",
"versionEndIncluding": "5.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6C4A47-FBEF-4171-9C97-FFAD45ACB263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19E9CA44-31F3-48B2-834A-36F792A71761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A60DB3FE-F502-4A8E-A669-3837109A2211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE75BE6-19FE-442D-80C1-87003D62786C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors."
},
{
"lang": "es",
"value": "Los componentes (1)domainutility y (2)domainutilitycmd en TIBCO Domain Utility en TIBCO Runtime Agent (TRA) anterior a v5.6.2, usado en TIBCO ActiveMatrix BusinessWorks y otros productos, establece permisos d\u00e9biles sobre los archivos de propiedades del dominio, lo que permite a usuarios locales, obtener credenciales de administrador, y obtener privilegios sobre todos lo sistemas, a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-0184",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-14T19:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38191"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37805"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"source": "cve@mitre.org",
"url": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0128"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3338
Vulnerability from fkie_nvd - Published: 2008-08-13 22:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | hawk | * | |
| tibco | hawk | 4.6.0 | |
| tibco | hawk | 4.6.1 | |
| tibco | hawk | 4.7 | |
| tibco | iprocess_engine | 10.3.0 | |
| tibco | iprocess_engine | 10.3.1 | |
| tibco | iprocess_engine | 10.3.2 | |
| tibco | iprocess_engine | 10.3.3 | |
| tibco | iprocess_engine | 10.3.4 | |
| tibco | iprocess_engine | 10.3.5 | |
| tibco | iprocess_engine | 10.4 | |
| tibco | iprocess_engine | 10.4.1 | |
| tibco | iprocess_engine | 10.5 | |
| tibco | iprocess_engine | 10.6 | |
| tibco | iprocess_engine | 10.6.0 | |
| tibco | iprocess_engine | 10.6.1 | |
| tibco | iprocess_engine | 10.6.2 | |
| tibco | iprocess_engine | 11.0 | |
| tibco | mainframe_service_tracker | * | |
| tibco | runtime_agent | * | |
| tibco | runtime_agent | 5.3 | |
| tibco | runtime_agent | 5.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:hawk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB4C18E-D1AD-4064-949A-D00A2A4B41BC",
"versionEndIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:hawk:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F540B195-58CD-4491-9D4F-9BCB87F696AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:hawk:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C85CA6D7-B286-4CC0-A05F-01EEFC653780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:hawk:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B985F703-24AC-4CD5-AF58-C03D071CA4F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F085498D-67C1-43D2-AAA2-35BA8AF1998E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E90A12B-BEB4-4F51-B4D2-BA0DB127CE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF898A2-46AA-4A79-8D85-2C34174AD44E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B9388D9-CC97-487B-864C-F8FA9BFF7306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "389EDDD9-4EFC-4B11-A3B9-C3BCD8D4DBAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9CCBA1D2-6FDF-4D6F-9316-9B6F3A9BD50A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F45470DC-9C5C-4CBE-8DFD-FE49008A0D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50CFE4BA-00B8-4334-9B67-0A4276F5FCEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "900BB34F-1533-4D53-904D-78E3D6EF3ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "94FDFA30-E50A-4AD1-81F6-39E58DCCC515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6D5769-8FE2-4923-94EE-92619D8D086A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C714C-91B8-4665-B9BD-699BE318EDA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0832F843-1C4E-42D3-9FF0-935B93E221A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F054EC47-12B5-45B9-A526-B2EBEEB2378B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:mainframe_service_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C09CA1D8-63C8-4104-9971-F02F524233D0",
"versionEndIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F939E999-5F16-430E-B960-965C25576D10",
"versionEndIncluding": "5.5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ACF12C0E-8768-4A03-B56B-D635076B01C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6C4A47-FBEF-4171-9C97-FFAD45ACB263",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en TIBCO Hawk (1) la librer\u00eda AMI C (libtibhawkami) y (2) Hawk HMA (tibhawkhma), como se usan en TIBCO Hawk antes de 4.8.1; Runtime Agent (TRA) anterior a 5.6.0; iProcess Engine de 10.3.0 a 10.6.2 y 11.0.0; y Mainframe Service Tracker anterior a 1.1.0 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un mensaje manipulado."
}
],
"id": "CVE-2008-3338",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-13T22:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31618"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30836"
},
{
"source": "cve@mitre.org",
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2448"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44604"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1703
Vulnerability from fkie_nvd - Published: 2008-04-11 10:05 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | adapter_files_z_os | * | |
| tibco | hawk | * | |
| tibco | iprocess_engine | 10.3.0 | |
| tibco | iprocess_engine | 10.3.1 | |
| tibco | iprocess_engine | 10.3.2 | |
| tibco | iprocess_engine | 10.3.3 | |
| tibco | iprocess_engine | 10.3.4 | |
| tibco | iprocess_engine | 10.3.5 | |
| tibco | iprocess_engine | 10.4 | |
| tibco | iprocess_engine | 10.4.1 | |
| tibco | iprocess_engine | 10.5 | |
| tibco | iprocess_engine | 10.6 | |
| tibco | iprocess_engine | 10.6.0 | |
| tibco | iprocess_engine | 10.6.1 | |
| tibco | rendezvous | * | |
| tibco | rendezvous_datasecurity | * | |
| tibco | rendezvous_tx | * | |
| tibco | runtime_agent | * | |
| tibco | substantiation_es | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:adapter_files_z_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46E74B55-ED15-4EA1-8AAC-8BB98798A1DC",
"versionEndIncluding": "4.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:hawk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB4C18E-D1AD-4064-949A-D00A2A4B41BC",
"versionEndIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F085498D-67C1-43D2-AAA2-35BA8AF1998E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E90A12B-BEB4-4F51-B4D2-BA0DB127CE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF898A2-46AA-4A79-8D85-2C34174AD44E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B9388D9-CC97-487B-864C-F8FA9BFF7306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "389EDDD9-4EFC-4B11-A3B9-C3BCD8D4DBAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9CCBA1D2-6FDF-4D6F-9316-9B6F3A9BD50A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F45470DC-9C5C-4CBE-8DFD-FE49008A0D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50CFE4BA-00B8-4334-9B67-0A4276F5FCEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "900BB34F-1533-4D53-904D-78E3D6EF3ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "94FDFA30-E50A-4AD1-81F6-39E58DCCC515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6D5769-8FE2-4923-94EE-92619D8D086A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:iprocess_engine:10.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C714C-91B8-4665-B9BD-699BE318EDA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17CFBB43-82E9-4E7F-938C-B11B6425D3DC",
"versionEndIncluding": "8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous_datasecurity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "413BBA07-5D7E-4E2F-9D1D-E26E2511FE74",
"versionEndIncluding": "2.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous_tx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0E28E2-852E-4872-BED1-C17BE83DC75B",
"versionEndIncluding": "2.04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F939E999-5F16-430E-B960-965C25576D10",
"versionEndIncluding": "5.5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:substantiation_es:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8B1410-F4D3-475E-AF5B-BFBDBD0982DF",
"versionEndIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en TIBCO Software Rendezvous anterior a 8.1.0., utilizado en m\u00faltiples productos TIBCO,permitena atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un mensaje manipulado."
}
],
"id": "CVE-2008-1703",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-11T10:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29774"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/44269"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28717"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019826"
},
{
"source": "cve@mitre.org",
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/44269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-2830
Vulnerability from fkie_nvd - Published: 2006-06-05 20:06 - Updated: 2025-04-03 01:03
Severity ?
Summary
Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | hawk | 4.6.1 | |
| tibco | rendezvous | 7.5.1 | |
| tibco | runtime_agent | 5.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:hawk:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C85CA6D7-B286-4CC0-A05F-01EEFC653780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:rendezvous:7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B20531C-A4CB-4196-AC66-C485CB618858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ACF12C0E-8768-4A03-B56B-D635076B01C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface."
}
],
"id": "CVE-2006-2830",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-05T20:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20452"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016145"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/999884"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18301"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2155"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/999884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18301"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26939"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-2829
Vulnerability from fkie_nvd - Published: 2006-06-05 20:06 - Updated: 2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | hawk | 4.6.0 | |
| tibco | hawk_monitoring_agent | * | |
| tibco | runtime_agent | 5.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:hawk:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F540B195-58CD-4491-9D4F-9BCB87F696AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:hawk_monitoring_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B63E05C-0726-4C19-A80E-A2CFDA8FA887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:runtime_agent:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ACF12C0E-8768-4A03-B56B-D635076B01C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma."
}
],
"id": "CVE-2006-2829",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-05T20:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20431"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016223"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/620516"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18300"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2156"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/620516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26938"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-26219 (GCVE-0-2023-26219)
Vulnerability from cvelistv5 – Published: 2023-10-24 21:56 – Updated: 2024-09-11 17:07
Summary
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.
Severity ?
7.4 (High)
CWE
- The impact of this vulnerability includes the theoretical possibility that an attacker could access the message stream of the EMS server, or in the worst case, gain administrative access to the server.
Assigner
References
Impacted products
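| Vendor | Product | Version |
|---|---|---|
| TIBCO Software Inc. | TIBCO Hawk | Affected: 0, ≤ 6.2.2 (semver) |
| TIBCO Software Inc. | TIBCO Hawk Distribution for TIBCO Silver Fabric | Affected: 0, ≤ 6.2.2 (semver) |
| TIBCO Software Inc. | TIBCO Operational Intelligence Hawk RedTail | Affected: 0, ≤ 7.2.1 (semver) |
| TIBCO Software Inc. | TIBCO Runtime Agent | Affected: 0, ≤ 5.12.2 (semver) |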
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:23.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26219",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T17:07:16.001862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:07:46.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TIBCO Hawk",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TIBCO Hawk Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TIBCO Operational Intelligence Hawk RedTail",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TIBCO Runtime Agent",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.12.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Hawk Console and Hawk Agent components of TIBCO Software Inc.\u0027s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console\u2019s and Agent\u2019s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.\u0027s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.\u003c/p\u003e"
}
],
"value": "The Hawk Console and Hawk Agent components of TIBCO Software Inc.\u0027s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console\u2019s and Agent\u2019s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.\u0027s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker could access the message stream of the EMS server, or in the worst case, gain administrative access to the server.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T21:56:50.294Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTIBCO has released updated versions of the affected components which address these issues.\u003c/p\u003e\u003cp\u003eTIBCO Hawk versions 6.2.2 and below: update to version 6.2.3 or later\u003c/p\u003e\u003cp\u003eTIBCO Hawk Distribution for TIBCO Silver Fabric versions 6.2.2 and below: update to version 6.2.3 or later\u003c/p\u003e\u003cp\u003eTIBCO Operational Intelligence Hawk RedTail versions 7.2.1 and below: update to version 7.2.2 or later\u003c/p\u003e\u003cp\u003eTIBCO Runtime Agent versions 5.12.2 and below: update to version 5.12.3 or later\u003c/p\u003e"
}
],
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Hawk versions 6.2.2 and below: update to version 6.2.3 or later\n\nTIBCO Hawk Distribution for TIBCO Silver Fabric versions 6.2.2 and below: update to version 6.2.3 or later\n\nTIBCO Operational Intelligence Hawk RedTail versions 7.2.1 and below: update to version 7.2.2 or later\n\nTIBCO Runtime Agent versions 5.12.2 and below: update to version 5.12.3 or later\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "TIBCO Operational Intelligence Hawk RedTail Credential Exposure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2023-26219",
"datePublished": "2023-10-24T21:56:50.294Z",
"dateReserved": "2023-02-20T22:18:23.427Z",
"dateUpdated": "2024-09-11T17:07:46.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28827 (GCVE-0-2021-28827)
Vulnerability from cvelistv5 – Published: 2021-04-20 18:30 – Updated: 2024-09-16 16:32
Summary
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent: versions 5.10.2 and below, TIBCO Runtime Agent: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent for z/Linux: versions 5.10.2 and below, and TIBCO Runtime Agent for z/Linux: versions 5.11.0 and 5.11.1.
Severity ?
9.6 (Critical)
CWE
- In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system.
Assigner
References
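| URL | Tags |
|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
| https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28827 | x_refsource_CONFIRM |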
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:12.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28827"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Administrator - Enterprise Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Administrator - Enterprise Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "5.11.0"
},
{
"status": "affected",
"version": "5.11.1"
}
]
},
{
"product": "TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "5.11.0"
},
{
"status": "affected",
"version": "5.11.1"
}
]
},
{
"product": "TIBCO Administrator - Enterprise Edition for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Administrator - Enterprise Edition for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "5.11.0"
},
{
"status": "affected",
"version": "5.11.1"
}
]
},
{
"product": "TIBCO Runtime Agent",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Runtime Agent",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "5.11.0"
},
{
"status": "affected",
"version": "5.11.1"
}
]
},
{
"product": "TIBCO Runtime Agent for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Runtime Agent for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "5.11.0"
},
{
"status": "affected",
"version": "5.11.1"
}
]
}
],
"datePublic": "2021-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Administration GUI component of TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent: versions 5.10.2 and below, TIBCO Runtime Agent: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent for z/Linux: versions 5.10.2 and below, and TIBCO Runtime Agent for z/Linux: versions 5.11.0 and 5.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In the worst case, if the victim is a privileged administrator successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-20T19:06:16",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28827"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Administrator - Enterprise Edition versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Runtime Agent versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Runtime Agent versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Runtime Agent for z/Linux versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Runtime Agent for z/Linux versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO Administrator Stored Cross Site Scripting vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-04-20T17:00:00Z",
"ID": "CVE-2021-28827",
"STATE": "PUBLIC",
"TITLE": "TIBCO Administrator Stored Cross Site Scripting vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Administrator - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "5.10.2"
}
]
}
},
{
"product_name": "TIBCO Administrator - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.11.0"
},
{
"version_affected": "=",
"version_value": "5.11.1"
}
]
}
},
{
"product_name": "TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "5.10.2"
}
]
}
},
{
"product_name": "TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.11.0"
},
{
"version_affected": "=",
"version_value": "5.11.1"
}
]
}
},
{
"product_name": "TIBCO Administrator - Enterprise Edition for z/Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "5.10.2"
}
]
}
},
{
"product_name": "TIBCO Administrator - Enterprise Edition for z/Linux",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.11.0"
},
{
"version_affected": "=",
"version_value": "5.11.1"
}
]
}
},
{
"product_name": "TIBCO Runtime Agent",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "5.10.2"
}
]
}
},
{
"product_name": "TIBCO Runtime Agent",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.11.0"
},
{
"version_affected": "=",
"version_value": "5.11.1"
}
]
}
},
{
"product_name": "TIBCO Runtime Agent for z/Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "5.10.2"
}
]
}
},
{
"product_name": "TIBCO Runtime Agent for z/Linux",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.11.0"
},
{
"version_affected": "=",
"version_value": "5.11.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Administration GUI component of TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent: versions 5.10.2 and below, TIBCO Runtime Agent: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent for z/Linux: versions 5.10.2 and below, and TIBCO Runtime Agent for z/Linux: versions 5.11.0 and 5.11.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In the worst case, if the victim is a privileged administrator successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28827",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28827"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Administrator - Enterprise Edition versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Runtime Agent versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Runtime Agent versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Runtime Agent for z/Linux versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Runtime Agent for z/Linux versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-28827",
"datePublished": "2021-04-20T18:30:17.130237Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-16T16:32:29.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5434 (GCVE-0-2018-5434)
Vulnerability from cvelistv5 – Published: 2018-06-13 13:00 – Updated: 2024-09-16 20:31
Summary
The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1.
Severity ?
5.8 (Medium)
CWE
- The impact of the vulnerability includes the theoretical possibility of disclosing contents of files on the host machine that are accessible to the operating system account used to run the affected component.
Assigner
References
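| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104454 | vdb-entry, x_refsource_BID |
| https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-runtime-agent-2018-5434 | x_refsource_CONFIRM |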
Impacted products
| Vendor | Product | Version |
|---|---|---|
| TIBCO Software Inc. | TIBCO Runtime Agent | Affected: unspecified, ≤ 5.10.0 (custom) |
| TIBCO Software Inc. | TIBCO Runtime Agent for z/Linux | Affected: unspecified, ≤ 5.9.1 (custom) |
Credits
TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104454",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104454"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-runtime-agent-2018-5434"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Runtime Agent",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Runtime Agent for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.9.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox for discovery of this vulnerability."
}
],
"datePublic": "2018-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Designer component of TIBCO Software Inc.\u0027s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.\u0027s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of the vulnerability includes the theoretical possibility of disclosing contents of files on the host machine that are accessible to the operating system account used to run the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-14T09:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"name": "104454",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104454"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-runtime-agent-2018-5434"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Runtime Agent versions 5.10.0 and below update to version 5.10.1 or higher\nTIBCO Runtime Agent for z/Linux versions 5.9.1 and below update to version 5.10.1 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XML eXternal Entity Expansion Vulnerabilities with TIBCO Runtime Agent",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-06-12T16:00:00.000Z",
"ID": "CVE-2018-5434",
"STATE": "PUBLIC",
"TITLE": "XML eXternal Entity Expansion Vulnerabilities with TIBCO Runtime Agent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Runtime Agent",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "5.10.0"
}
]
}
},
{
"product_name": "TIBCO Runtime Agent for z/Linux",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "5.9.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIBCO Designer component of TIBCO Software Inc.\u0027s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.\u0027s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of the vulnerability includes the theoretical possibility of disclosing contents of files on the host machine that are accessible to the operating system account used to run the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104454"
},
{
"name": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-runtime-agent-2018-5434",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-runtime-agent-2018-5434"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Runtime Agent versions 5.10.0 and below update to version 5.10.1 or higher\nTIBCO Runtime Agent for z/Linux versions 5.9.1 and below update to version 5.10.1 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-5434",
"datePublished": "2018-06-13T13:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T20:31:50.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0649 (GCVE-0-2011-0649)
Vulnerability from cvelistv5 – Published: 2011-02-04 00:00 – Updated: 2024-08-06 21:58
Summary
Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service before 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
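| URL | Tags |
|---|---|
| http://secunia.com/advisories/43174 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/43160 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2011/0269 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/bid/46104 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65105 | vdb-entry, x_refsource_XF |
| http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt | x_refsource_CONFIRM |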
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:26.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"name": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0649",
"datePublished": "2011-02-04T00:00:00",
"dateReserved": "2011-01-25T00:00:00",
"dateUpdated": "2024-08-06T21:58:26.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0184 (GCVE-0-2010-0184)
Vulnerability from cvelistv5 – Published: 2010-01-14 19:00 – Updated: 2024-09-16 16:58
Summary
The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
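| URL | Tags |
|---|---|
| http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/37805 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2010/0128 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/38191 | third-party-advisory, x_refsource_SECUNIA |
| http://www.tibco.com/mk/advisory.jsp | x_refsource_CONFIRM |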
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:54.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt"
},
{
"name": "37805",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37805"
},
{
"name": "ADV-2010-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0128"
},
{
"name": "38191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38191"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-14T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt"
},
{
"name": "37805",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37805"
},
{
"name": "ADV-2010-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0128"
},
{
"name": "38191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38191"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt"
},
{
"name": "37805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37805"
},
{
"name": "ADV-2010-0128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0128"
},
{
"name": "38191",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38191"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0184",
"datePublished": "2010-01-14T19:00:00Z",
"dateReserved": "2010-01-06T00:00:00Z",
"dateUpdated": "2024-09-16T16:58:40.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3338 (GCVE-0-2008-3338)
Vulnerability from cvelistv5 – Published: 2008-08-13 22:00 – Updated: 2024-08-07 09:37
Summary
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
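| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2008/2448 | vdb-entry, x_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44604 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/31618 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/30836 | vdb-entry, x_refsource_BID |
| http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt | x_refsource_CONFIRM |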
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2448",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2448"
},
{
"name": "tibcohawk-amiclibrary-hawkhma-bo(44604)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44604"
},
{
"name": "31618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31618"
},
{
"name": "30836",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30836"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2448",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2448"
},
{
"name": "tibcohawk-amiclibrary-hawkhma-bo(44604)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44604"
},
{
"name": "31618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31618"
},
{
"name": "30836",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30836"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2448",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2448"
},
{
"name": "tibcohawk-amiclibrary-hawkhma-bo(44604)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44604"
},
{
"name": "31618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31618"
},
{
"name": "30836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30836"
},
{
"name": "http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3338",
"datePublished": "2008-08-13T22:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1703 (GCVE-0-2008-1703)
Vulnerability from cvelistv5 – Published: 2008-04-11 10:00 – Updated: 2024-08-07 08:32
Summary
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
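| URL | Tags |
|---|---|
| http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1019826 | vdb-entry, x_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41760 | vdb-entry, x_refsource_XF |
| http://www.osvdb.org/44269 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/28717 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2008/1190/references | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/29774 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/1189/references | vdb-entry, x_refsource_VUPEN |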
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1703",
"datePublished": "2008-04-11T10:00:00",
"dateReserved": "2008-04-08T00:00:00",
"dateUpdated": "2024-08-07T08:32:01.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2830 (GCVE-0-2006-2830)
Vulnerability from cvelistv5 – Published: 2006-06-05 20:00 – Updated: 2024-08-07 18:06
Summary
Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
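| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/999884 | third-party-advisory, x_refsource_CERT-VN |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26939 | vdb-entry, x_refsource_XF |
| http://securitytracker.com/id?1016145 | vdb-entry, x_refsource_SECTRACK |
| http://www.tibco.com/resources/mk/rendezvous_security_advisory.txt | x_refsource_CONFIRM |
| http://secunia.com/advisories/20452 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/18301 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2006/2155 | vdb-entry, x_refsource_VUPEN |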
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:26.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#999884",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/999884"
},
{
"name": "tibco-rendezvous-admin-bo(26939)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26939"
},
{
"name": "1016145",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016145"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory.txt"
},
{
"name": "20452",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20452"
},
{
"name": "18301",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18301"
},
{
"name": "ADV-2006-2155",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#999884",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/999884"
},
{
"name": "tibco-rendezvous-admin-bo(26939)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26939"
},
{
"name": "1016145",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016145"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory.txt"
},
{
"name": "20452",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20452"
},
{
"name": "18301",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18301"
},
{
"name": "ADV-2006-2155",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#999884",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/999884"
},
{
"name": "tibco-rendezvous-admin-bo(26939)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26939"
},
{
"name": "1016145",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016145"
},
{
"name": "http://www.tibco.com/resources/mk/rendezvous_security_advisory.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory.txt"
},
{
"name": "20452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20452"
},
{
"name": "18301",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18301"
},
{
"name": "ADV-2006-2155",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2830",
"datePublished": "2006-06-05T20:00:00",
"dateReserved": "2006-06-05T00:00:00",
"dateUpdated": "2024-08-07T18:06:26.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2829 (GCVE-0-2006-2829)
Vulnerability from cvelistv5 – Published: 2006-06-05 20:00 – Updated: 2024-08-07 18:06
Summary
Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
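| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/18300 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26938 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/20431 | third-party-advisory, x_refsource_SECUNIA |
| http://www.tibco.com/resources/mk/hawk_security_advisory.txt | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/620516 | third-party-advisory, x_refsource_CERT-VN |
| http://securitytracker.com/id?1016223 | vdb-entry, x_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2006/2156 | vdb-entry, x_refsource_VUPEN |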
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:26.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18300"
},
{
"name": "tibco-hawk-monagent-bo(26938)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26938"
},
{
"name": "20431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20431"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory.txt"
},
{
"name": "VU#620516",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/620516"
},
{
"name": "1016223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016223"
},
{
"name": "ADV-2006-2156",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18300",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18300"
},
{
"name": "tibco-hawk-monagent-bo(26938)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26938"
},
{
"name": "20431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20431"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory.txt"
},
{
"name": "VU#620516",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/620516"
},
{
"name": "1016223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016223"
},
{
"name": "ADV-2006-2156",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18300"
},
{
"name": "tibco-hawk-monagent-bo(26938)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26938"
},
{
"name": "20431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20431"
},
{
"name": "http://www.tibco.com/resources/mk/hawk_security_advisory.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory.txt"
},
{
"name": "VU#620516",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/620516"
},
{
"name": "1016223",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016223"
},
{
"name": "ADV-2006-2156",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2829",
"datePublished": "2006-06-05T20:00:00",
"dateReserved": "2006-06-05T00:00:00",
"dateUpdated": "2024-08-07T18:06:26.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26219 (GCVE-0-2023-26219)
Vulnerability from nvd – Published: 2023-10-24 21:56 – Updated: 2024-09-11 17:07
Summary
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.
Severity ?
7.4 (High)
CWE
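- No CWE identifier is assigned in this record; the text below is the CNA's free-text problem-type (impact) statement: The impact of this vulnerability includes the theoretical possibility that an attacker could access the message stream of the EMS server, or in the worst case, gain administrative access to the server.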
Assigner
References
Impacted products
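| Vendor | Product | Version |
|---|---|---|
| TIBCO Software Inc. | TIBCO Hawk | Affected: 0, ≤ 6.2.2 (semver) |
| TIBCO Software Inc. | TIBCO Hawk Distribution for TIBCO Silver Fabric | Affected: 0, ≤ 6.2.2 (semver) |
| TIBCO Software Inc. | TIBCO Operational Intelligence Hawk RedTail | Affected: 0, ≤ 7.2.1 (semver) |
| TIBCO Software Inc. | TIBCO Runtime Agent | Affected: 0, ≤ 5.12.2 (semver) |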
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:23.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26219",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T17:07:16.001862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:07:46.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TIBCO Hawk",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TIBCO Hawk Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TIBCO Operational Intelligence Hawk RedTail",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TIBCO Runtime Agent",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.12.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Hawk Console and Hawk Agent components of TIBCO Software Inc.\u0027s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console\u2019s and Agent\u2019s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.\u0027s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.\u003c/p\u003e"
}
],
"value": "The Hawk Console and Hawk Agent components of TIBCO Software Inc.\u0027s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console\u2019s and Agent\u2019s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.\u0027s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker could access the message stream of the EMS server, or in the worst case, gain administrative access to the server.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T21:56:50.294Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTIBCO has released updated versions of the affected components which address these issues.\u003c/p\u003e\u003cp\u003eTIBCO Hawk versions 6.2.2 and below: update to version 6.2.3 or later\u003c/p\u003e\u003cp\u003eTIBCO Hawk Distribution for TIBCO Silver Fabric versions 6.2.2 and below: update to version 6.2.3 or later\u003c/p\u003e\u003cp\u003eTIBCO Operational Intelligence Hawk RedTail versions 7.2.1 and below: update to version 7.2.2 or later\u003c/p\u003e\u003cp\u003eTIBCO Runtime Agent versions 5.12.2 and below: update to version 5.12.3 or later\u003c/p\u003e"
}
],
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Hawk versions 6.2.2 and below: update to version 6.2.3 or later\n\nTIBCO Hawk Distribution for TIBCO Silver Fabric versions 6.2.2 and below: update to version 6.2.3 or later\n\nTIBCO Operational Intelligence Hawk RedTail versions 7.2.1 and below: update to version 7.2.2 or later\n\nTIBCO Runtime Agent versions 5.12.2 and below: update to version 5.12.3 or later\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "TIBCO Operational Intelligence Hawk RedTail Credential Exposure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2023-26219",
"datePublished": "2023-10-24T21:56:50.294Z",
"dateReserved": "2023-02-20T22:18:23.427Z",
"dateUpdated": "2024-09-11T17:07:46.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28827 (GCVE-0-2021-28827)
Vulnerability from nvd – Published: 2021-04-20 18:30 – Updated: 2024-09-16 16:32
Summary
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent: versions 5.10.2 and below, TIBCO Runtime Agent: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent for z/Linux: versions 5.10.2 and below, and TIBCO Runtime Agent for z/Linux: versions 5.11.0 and 5.11.1.
Severity ?
9.6 (Critical)
CWE
- In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system. (This is the record's free-text problem type; no CWE identifier is given.)
Assigner
References
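| URL | Tags |
|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
| https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28827 | x_refsource_CONFIRM |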
Impacted products
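| Vendor | Product | Version |
|---|---|---|
| TIBCO Software Inc. | TIBCO Administrator - Enterprise Edition | Affected: unspecified, ≤ 5.10.2 (custom) |
| TIBCO Software Inc. | TIBCO Administrator - Enterprise Edition | Affected: 5.11.0; Affected: 5.11.1 |
| TIBCO Software Inc. | TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric | Affected: unspecified, ≤ 5.10.2 (custom) |
| TIBCO Software Inc. | TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric | Affected: 5.11.0; Affected: 5.11.1 |
| TIBCO Software Inc. | TIBCO Administrator - Enterprise Edition for z/Linux | Affected: unspecified, ≤ 5.10.2 (custom) |
| TIBCO Software Inc. | TIBCO Administrator - Enterprise Edition for z/Linux | Affected: 5.11.0; Affected: 5.11.1 |
| TIBCO Software Inc. | TIBCO Runtime Agent | Affected: unspecified, ≤ 5.10.2 (custom) |
| TIBCO Software Inc. | TIBCO Runtime Agent | Affected: 5.11.0; Affected: 5.11.1 |
| TIBCO Software Inc. | TIBCO Runtime Agent for z/Linux | Affected: unspecified, ≤ 5.10.2 (custom) |
| TIBCO Software Inc. | TIBCO Runtime Agent for z/Linux | Affected: 5.11.0; Affected: 5.11.1 |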
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:12.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28827"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Administrator - Enterprise Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Administrator - Enterprise Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "5.11.0"
},
{
"status": "affected",
"version": "5.11.1"
}
]
},
{
"product": "TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "5.11.0"
},
{
"status": "affected",
"version": "5.11.1"
}
]
},
{
"product": "TIBCO Administrator - Enterprise Edition for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Administrator - Enterprise Edition for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "5.11.0"
},
{
"status": "affected",
"version": "5.11.1"
}
]
},
{
"product": "TIBCO Runtime Agent",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Runtime Agent",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "5.11.0"
},
{
"status": "affected",
"version": "5.11.1"
}
]
},
{
"product": "TIBCO Runtime Agent for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Runtime Agent for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "5.11.0"
},
{
"status": "affected",
"version": "5.11.1"
}
]
}
],
"datePublic": "2021-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Administration GUI component of TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent: versions 5.10.2 and below, TIBCO Runtime Agent: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent for z/Linux: versions 5.10.2 and below, and TIBCO Runtime Agent for z/Linux: versions 5.11.0 and 5.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In the worst case, if the victim is a privileged administrator successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-20T19:06:16",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28827"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Administrator - Enterprise Edition versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Runtime Agent versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Runtime Agent versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Runtime Agent for z/Linux versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Runtime Agent for z/Linux versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO Administrator Stored Cross Site Scripting vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-04-20T17:00:00Z",
"ID": "CVE-2021-28827",
"STATE": "PUBLIC",
"TITLE": "TIBCO Administrator Stored Cross Site Scripting vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Administrator - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "5.10.2"
}
]
}
},
{
"product_name": "TIBCO Administrator - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.11.0"
},
{
"version_affected": "=",
"version_value": "5.11.1"
}
]
}
},
{
"product_name": "TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "5.10.2"
}
]
}
},
{
"product_name": "TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.11.0"
},
{
"version_affected": "=",
"version_value": "5.11.1"
}
]
}
},
{
"product_name": "TIBCO Administrator - Enterprise Edition for z/Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "5.10.2"
}
]
}
},
{
"product_name": "TIBCO Administrator - Enterprise Edition for z/Linux",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.11.0"
},
{
"version_affected": "=",
"version_value": "5.11.1"
}
]
}
},
{
"product_name": "TIBCO Runtime Agent",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "5.10.2"
}
]
}
},
{
"product_name": "TIBCO Runtime Agent",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.11.0"
},
{
"version_affected": "=",
"version_value": "5.11.1"
}
]
}
},
{
"product_name": "TIBCO Runtime Agent for z/Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "5.10.2"
}
]
}
},
{
"product_name": "TIBCO Runtime Agent for z/Linux",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.11.0"
},
{
"version_affected": "=",
"version_value": "5.11.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Administration GUI component of TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent: versions 5.10.2 and below, TIBCO Runtime Agent: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent for z/Linux: versions 5.10.2 and below, and TIBCO Runtime Agent for z/Linux: versions 5.11.0 and 5.11.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In the worst case, if the victim is a privileged administrator successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28827",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28827"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Administrator - Enterprise Edition versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Runtime Agent versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Runtime Agent versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Runtime Agent for z/Linux versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Runtime Agent for z/Linux versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-28827",
"datePublished": "2021-04-20T18:30:17.130237Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-16T16:32:29.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5434 (GCVE-0-2018-5434)
Vulnerability from nvd – Published: 2018-06-13 13:00 – Updated: 2024-09-16 20:31
Summary
The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1.
Severity ?
5.8 (Medium)
CWE
- The impact of the vulnerability includes the theoretical possibility of disclosing contents of files on the host machine that are accessible to the operating system account used to run the affected component. (This is the record's free-text problem type; no CWE identifier is given.)
Assigner
References
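| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104454 | vdb-entry, x_refsource_BID |
| https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-runtime-agent-2018-5434 | x_refsource_CONFIRM |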
Impacted products
| Vendor | Product | Version |
|---|---|---|
| TIBCO Software Inc. | TIBCO Runtime Agent | Affected: unspecified, ≤ 5.10.0 (custom) |
| TIBCO Software Inc. | TIBCO Runtime Agent for z/Linux | Affected: unspecified, ≤ 5.9.1 (custom) |
Credits
TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104454",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104454"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-runtime-agent-2018-5434"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Runtime Agent",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Runtime Agent for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.9.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox for discovery of this vulnerability."
}
],
"datePublic": "2018-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Designer component of TIBCO Software Inc.\u0027s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.\u0027s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of the vulnerability includes the theoretical possibility of disclosing contents of files on the host machine that are accessible to the operating system account used to run the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-14T09:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"name": "104454",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104454"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-runtime-agent-2018-5434"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Runtime Agent versions 5.10.0 and below update to version 5.10.1 or higher\nTIBCO Runtime Agent for z/Linux versions 5.9.1 and below update to version 5.10.1 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XML eXternal Entity Expansion Vulnerabilities with TIBCO Runtime Agent",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-06-12T16:00:00.000Z",
"ID": "CVE-2018-5434",
"STATE": "PUBLIC",
"TITLE": "XML eXternal Entity Expansion Vulnerabilities with TIBCO Runtime Agent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Runtime Agent",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "5.10.0"
}
]
}
},
{
"product_name": "TIBCO Runtime Agent for z/Linux",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "5.9.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIBCO Designer component of TIBCO Software Inc.\u0027s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.\u0027s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of the vulnerability includes the theoretical possibility of disclosing contents of files on the host machine that are accessible to the operating system account used to run the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104454"
},
{
"name": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-runtime-agent-2018-5434",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-runtime-agent-2018-5434"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Runtime Agent versions 5.10.0 and below update to version 5.10.1 or higher\nTIBCO Runtime Agent for z/Linux versions 5.9.1 and below update to version 5.10.1 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-5434",
"datePublished": "2018-06-13T13:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T20:31:50.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0649 (GCVE-0-2011-0649)
Vulnerability from nvd – Published: 2011-02-04 00:00 – Updated: 2024-08-06 21:58
Summary
Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service before 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
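| URL | Tags |
|---|---|
| http://secunia.com/advisories/43174 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/43160 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2011/0269 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/bid/46104 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65105 | vdb-entry, x_refsource_XF |
| http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt | x_refsource_CONFIRM |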
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:26.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43174"
},
{
"name": "43160",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43160"
},
{
"name": "ADV-2011-0269",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0269"
},
{
"name": "46104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46104"
},
{
"name": "tibco-suid-privilege-escalation(65105)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65105"
},
{
"name": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0649",
"datePublished": "2011-02-04T00:00:00",
"dateReserved": "2011-01-25T00:00:00",
"dateUpdated": "2024-08-06T21:58:26.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0184 (GCVE-0-2010-0184)
Vulnerability from nvd – Published: 2010-01-14 19:00 – Updated: 2024-09-16 16:58
Summary
The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
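| URL | Tags |
|---|---|
| http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/37805 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2010/0128 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/38191 | third-party-advisory, x_refsource_SECUNIA |
| http://www.tibco.com/mk/advisory.jsp | x_refsource_CONFIRM |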
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:54.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt"
},
{
"name": "37805",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37805"
},
{
"name": "ADV-2010-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0128"
},
{
"name": "38191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38191"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-14T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt"
},
{
"name": "37805",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37805"
},
{
"name": "ADV-2010-0128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0128"
},
{
"name": "38191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38191"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt"
},
{
"name": "37805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37805"
},
{
"name": "ADV-2010-0128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0128"
},
{
"name": "38191",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38191"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0184",
"datePublished": "2010-01-14T19:00:00Z",
"dateReserved": "2010-01-06T00:00:00Z",
"dateUpdated": "2024-09-16T16:58:40.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3338 (GCVE-0-2008-3338)
Vulnerability from nvd – Published: 2008-08-13 22:00 – Updated: 2024-08-07 09:37
Summary
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
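| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2008/2448 | vdb-entry, x_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44604 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/31618 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/30836 | vdb-entry, x_refsource_BID |
| http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt | x_refsource_CONFIRM |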
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2448",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2448"
},
{
"name": "tibcohawk-amiclibrary-hawkhma-bo(44604)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44604"
},
{
"name": "31618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31618"
},
{
"name": "30836",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30836"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2448",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2448"
},
{
"name": "tibcohawk-amiclibrary-hawkhma-bo(44604)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44604"
},
{
"name": "31618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31618"
},
{
"name": "30836",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30836"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2448",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2448"
},
{
"name": "tibcohawk-amiclibrary-hawkhma-bo(44604)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44604"
},
{
"name": "31618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31618"
},
{
"name": "30836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30836"
},
{
"name": "http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3338",
"datePublished": "2008-08-13T22:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1703 (GCVE-0-2008-1703)
Vulnerability from nvd – Published: 2008-04-11 10:00 – Updated: 2024-08-07 08:32
Summary
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
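| URL | Tags |
|---|---|
| http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1019826 | vdb-entry, x_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41760 | vdb-entry, x_refsource_XF |
| http://www.osvdb.org/44269 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/28717 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2008/1190/references | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/29774 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/1189/references | vdb-entry, x_refsource_VUPEN |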
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt"
},
{
"name": "1019826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019826"
},
{
"name": "tibco-rendezvous-multiple-code-execution(41760)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760"
},
{
"name": "44269",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44269"
},
{
"name": "28717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28717"
},
{
"name": "ADV-2008-1190",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1190/references"
},
{
"name": "29774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29774"
},
{
"name": "ADV-2008-1189",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1189/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1703",
"datePublished": "2008-04-11T10:00:00",
"dateReserved": "2008-04-08T00:00:00",
"dateUpdated": "2024-08-07T08:32:01.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2830 (GCVE-0-2006-2830)
Vulnerability from nvd – Published: 2006-06-05 20:00 – Updated: 2024-08-07 18:06
Summary
Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
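| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/999884 | third-party-advisory, x_refsource_CERT-VN |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26939 | vdb-entry, x_refsource_XF |
| http://securitytracker.com/id?1016145 | vdb-entry, x_refsource_SECTRACK |
| http://www.tibco.com/resources/mk/rendezvous_security_advisory.txt | x_refsource_CONFIRM |
| http://secunia.com/advisories/20452 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/18301 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2006/2155 | vdb-entry, x_refsource_VUPEN |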
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:26.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#999884",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/999884"
},
{
"name": "tibco-rendezvous-admin-bo(26939)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26939"
},
{
"name": "1016145",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016145"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory.txt"
},
{
"name": "20452",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20452"
},
{
"name": "18301",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18301"
},
{
"name": "ADV-2006-2155",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#999884",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/999884"
},
{
"name": "tibco-rendezvous-admin-bo(26939)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26939"
},
{
"name": "1016145",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016145"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory.txt"
},
{
"name": "20452",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20452"
},
{
"name": "18301",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18301"
},
{
"name": "ADV-2006-2155",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#999884",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/999884"
},
{
"name": "tibco-rendezvous-admin-bo(26939)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26939"
},
{
"name": "1016145",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016145"
},
{
"name": "http://www.tibco.com/resources/mk/rendezvous_security_advisory.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory.txt"
},
{
"name": "20452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20452"
},
{
"name": "18301",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18301"
},
{
"name": "ADV-2006-2155",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2830",
"datePublished": "2006-06-05T20:00:00",
"dateReserved": "2006-06-05T00:00:00",
"dateUpdated": "2024-08-07T18:06:26.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2829 (GCVE-0-2006-2829)
Vulnerability from nvd – Published: 2006-06-05 20:00 – Updated: 2024-08-07 18:06
Summary
Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
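| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/18300 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26938 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/20431 | third-party-advisory, x_refsource_SECUNIA |
| http://www.tibco.com/resources/mk/hawk_security_advisory.txt | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/620516 | third-party-advisory, x_refsource_CERT-VN |
| http://securitytracker.com/id?1016223 | vdb-entry, x_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2006/2156 | vdb-entry, x_refsource_VUPEN |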
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:26.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18300"
},
{
"name": "tibco-hawk-monagent-bo(26938)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26938"
},
{
"name": "20431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20431"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory.txt"
},
{
"name": "VU#620516",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/620516"
},
{
"name": "1016223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016223"
},
{
"name": "ADV-2006-2156",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18300",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18300"
},
{
"name": "tibco-hawk-monagent-bo(26938)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26938"
},
{
"name": "20431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20431"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory.txt"
},
{
"name": "VU#620516",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/620516"
},
{
"name": "1016223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016223"
},
{
"name": "ADV-2006-2156",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18300"
},
{
"name": "tibco-hawk-monagent-bo(26938)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26938"
},
{
"name": "20431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20431"
},
{
"name": "http://www.tibco.com/resources/mk/hawk_security_advisory.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/hawk_security_advisory.txt"
},
{
"name": "VU#620516",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/620516"
},
{
"name": "1016223",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016223"
},
{
"name": "ADV-2006-2156",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2829",
"datePublished": "2006-06-05T20:00:00",
"dateReserved": "2006-06-05T00:00:00",
"dateUpdated": "2024-08-07T18:06:26.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}