VAR-201604-0309
Vulnerability from variot - Updated: 2023-12-18 12:30Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data. Multiple TIBCO Products are prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. The following TIBCO products are affected: TIBCO Enterprise Message Service (EMS) 8.2.2 and prior versions are affected. TIBCO Enterprise Message Service Appliance 2.3.1 and prior versions are affected. The former is a set of standards-based message middleware for simplifying and accelerating high-performance integration and data distribution management, and enterprise environments, and the latter is a message middleware product. There is a buffer overflow vulnerability in tibemsd in servers of TIBCO EMS 8.2.2 and earlier versions and EMS Appliance 2.3.1 and earlier versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0309",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise message service appliance",
"scope": "lte",
"trust": 1.0,
"vendor": "tibco",
"version": "2.3.1"
},
{
"model": "enterprise message service",
"scope": "lte",
"trust": 1.0,
"vendor": "tibco",
"version": "8.2.2"
},
{
"model": "enterprise message service",
"scope": "lt",
"trust": 0.8,
"vendor": "tibco",
"version": "8.3.0"
},
{
"model": "enterprise message service appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "tibco",
"version": "2.4.0"
},
{
"model": "enterprise message service appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "tibco",
"version": null
},
{
"model": "enterprise message service",
"scope": "eq",
"trust": 0.6,
"vendor": "tibco",
"version": "8.2.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002143"
},
{
"db": "NVD",
"id": "CVE-2016-3628"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-507"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tibco:enterprise_message_service_appliance:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tibco:enterprise_message_service_appliance_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.1",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tibco:enterprise_message_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3628"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "86816"
}
],
"trust": 0.3
},
"cve": "CVE-2016-3628",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-3628",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-92447",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-3628",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-3628",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-507",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-92447",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92447"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002143"
},
{
"db": "NVD",
"id": "CVE-2016-3628"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-507"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data. Multiple TIBCO Products are prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAttackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. \nThe following TIBCO products are affected:\nTIBCO Enterprise Message Service (EMS) 8.2.2 and prior versions are affected. \nTIBCO Enterprise Message Service Appliance 2.3.1 and prior versions are affected. The former is a set of standards-based message middleware for simplifying and accelerating high-performance integration and data distribution management, and enterprise environments, and the latter is a message middleware product. There is a buffer overflow vulnerability in tibemsd in servers of TIBCO EMS 8.2.2 and earlier versions and EMS Appliance 2.3.1 and earlier versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3628"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002143"
},
{
"db": "BID",
"id": "86816"
},
{
"db": "VULHUB",
"id": "VHN-92447"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3628",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002143",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-507",
"trust": 0.6
},
{
"db": "BID",
"id": "86816",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-92447",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92447"
},
{
"db": "BID",
"id": "86816"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002143"
},
{
"db": "NVD",
"id": "CVE-2016-3628"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-507"
}
]
},
"id": "VAR-201604-0309",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-92447"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:30:03.403000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisories for TIBCO Products (April 19, 2016)",
"trust": 0.8,
"url": "http://www.tibco.com/services/support/advisories"
},
{
"title": "TIBCO Enterprise Message Service vulnerability",
"trust": 0.8,
"url": "http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt"
},
{
"title": "TIBCO Enterprise Message Service and EMS Appliance Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61196"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002143"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-507"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92447"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002143"
},
{
"db": "NVD",
"id": "CVE-2016-3628"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt"
},
{
"trust": 1.7,
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3628"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3628"
},
{
"trust": 0.3,
"url": "http://www.tibco.com/index.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92447"
},
{
"db": "BID",
"id": "86816"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002143"
},
{
"db": "NVD",
"id": "CVE-2016-3628"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-507"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-92447"
},
{
"db": "BID",
"id": "86816"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002143"
},
{
"db": "NVD",
"id": "CVE-2016-3628"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-507"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-20T00:00:00",
"db": "VULHUB",
"id": "VHN-92447"
},
{
"date": "2016-04-20T00:00:00",
"db": "BID",
"id": "86816"
},
{
"date": "2016-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002143"
},
{
"date": "2016-04-20T10:59:00.113000",
"db": "NVD",
"id": "CVE-2016-3628"
},
{
"date": "2016-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-507"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-92447"
},
{
"date": "2016-04-20T00:00:00",
"db": "BID",
"id": "86816"
},
{
"date": "2016-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002143"
},
{
"date": "2016-05-18T21:39:43.047000",
"db": "NVD",
"id": "CVE-2016-3628"
},
{
"date": "2016-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-507"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-507"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TIBCO Enterprise Message Service and EMS Appliance Server tibemsd Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002143"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-507"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…