CVE-2007-5655Improper Restriction of Operations within the Bounds of a Memory Buffer in Rtworks

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-822Untrusted Pointer Dereference4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
19.7%
top 4.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tibco RtworksTibco Smartsockets Rtserver
Timeline
PublishedJan 16
Latest updateMay 1

Description

TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDtibco/rtworks4.0.3

🔴Vulnerability Details

2
GHSA
GHSA-6x8f-7m3j-wphq: TIBCO SmartSockets RTserver 62022-05-01
CVEList
CVE-2007-5655: TIBCO SmartSockets RTserver 62008-01-16

📐Framework References

1
CWE
Untrusted Pointer Dereference
CVE-2007-5655 — Tibco Rtworks vulnerability | cvebase