Buffer Overflow Vulnerability in TIBCO Enterprise Message Service
CVE-2016-3628

8.8 HIGH

Key Information:

Vendor: Tibco
CVE Published: 20 April 2016

Summary

The vulnerability resides in the tibemsd server of TIBCO Enterprise Message Service (EMS) prior to version 8.3.0 and EMS Appliance before version 2.4.0. The server improperly handles crafted inbound data sent by authenticated remote users, which could lead to a denial of service or even arbitrary code execution. Organizations running affected versions should mitigate the threat immediately by updating to the latest versions.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
