SB2016041902 - Remote code execution in TIBCO EMS
Published: April 19, 2016
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Buffer overflow (CVE-ID: CVE-2016-3628)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote authenticated attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in tibemsd in the server due to buffer overflow. A remote attacker can submit specially crafted inbound data, trigger memory corruption, cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.