CVE-2007-5657Improper Input Validation in Rtworks

CWE-20Improper Input ValidationCWE-823Use of Out-of-range Pointer Offset4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
12.8%
top 5.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tibco RtworksTibco Smartsockets Rtserver
Timeline
PublishedJan 16
Latest updateMay 1

Description

TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDtibco/rtworks4.0.3

🔴Vulnerability Details

2
GHSA
GHSA-4vjj-hp93-6mc6: TIBCO SmartSockets RTserver 62022-05-01
CVEList
CVE-2007-5657: TIBCO SmartSockets RTserver 62008-01-16

📐Framework References

1
CWE
Use of Out-of-range Pointer Offset
CVE-2007-5657 — Improper Input Validation in Rtworks | cvebase