Vulnerabilities > Tibco > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-20 | CVE-2018-5428 | Command Injection vulnerability in Tibco Data Virtualization 7.0.5/7.0.6 The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. | 9.0 |
| 2017-12-13 | CVE-2017-5534 | Unspecified vulnerability in Tibco Tibbr 6.0.0/6.0.1/7.0.0 The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. | 9.0 |
| 2014-02-27 | CVE-2014-2075 | Improper Authentication vulnerability in Tibco products TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors. | 10.0 |
| 2010-12-17 | CVE-2010-4495 | Remote Code Execution vulnerability in TIBCO ActiveMatrix Products Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections. | 9.0 |
| 2010-10-26 | CVE-2010-3491 | Improper Input Validation vulnerability in Tibco products The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors. | 10.0 |
| 2009-04-30 | CVE-2009-1291 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco products Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound data," as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd. | 10.0 |
| 2008-08-13 | CVE-2008-3338 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco products Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message. | 10.0 |
| 2008-04-11 | CVE-2008-1704 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco Enterprise Message Service and Iprocess Engine Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server. | 10.0 |
| 2008-04-11 | CVE-2008-1703 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco products Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message. | 9.3 |
| 2008-01-16 | CVE-2007-5658 | Improper Input Validation vulnerability in Tibco products Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow. | 10.0 |