Security Advisory for TIBCO Enterprise Message Service

Security Advisory for TIBCO Enterprise Message Service

book

Article ID: KB0108207

calendar_today

Updated On:

Products Versions
All Products -
TIBCO Enterprise Message Service Appliance -
Not Applicable -

Description

Description:
TIBCO Enterprise Message Service vulnerability

  Original release date: April 19, 2016
  Last revised: --
  Source: TIBCO Software Inc.


Systems Affected

  TIBCO Enterprise Message Service (EMS) 8.2.2 and below
  TIBCO Enterprise Message Service Appliance 2.3.1 and below

  The following components are affected:

    * TIBCO EMS Server (tibemsd)


Description

  The TIBCO EMS components listed above contain a buffer overflow in the
  processing of inbound data.


Impact

  The impact of this vulnerability includes the theoretical possibility of
  remote command execution.

  CVSS v2 Base Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)


Solution

  TIBCO has released updated versions of the affected components which
  address these issues.

  For each affected system, update to the corresponding software versions:

  TIBCO Enterprise Message Service (EMS) 8.3.0 or higher
  TIBCO Enterprise Message Service Appliance 2.4.0 or higher


References

  http://www.tibco.com/mk/advisory.jsp
  CVE: CVE-2016-3628

Issue/Introduction

Security Advisory for TIBCO Enterprise Message Service

Environment

TIBCO Enterprise Message Service (EMS) 8.2.2 and below TIBCO Enterprise Message Service Appliance 2.3.1 and below

Resolution

x

Additional Information

 http://www.tibco.com/mk/advisory.jsp
  CVE: CVE-2016-3628
Powered by Wolken Software