#VU12307 Buffer overflow in EMS Appliance and Enterprise Message Service - CVE-2016-3628

 


Published: April 30, 2018 / Updated: April 30, 2018


Vulnerability identifier: #VU12307
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-3628
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: EMS Appliance, Enterprise Message Service
Software vendor: TIBCO

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition or execute arbitrary code on the target system.

The weakness exists in the server's tibemsd component due to a buffer overflow. A remote attacker can submit specially crafted inbound data to trigger memory corruption and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in complete compromise of the vulnerable system.


Remediation

Update TIBCO Enterprise Message Service (EMS) to 8.3.0 and EMS Appliance to 2.4.0.
