Tibco: Security Vulnerabilities
rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character.
CVSS Score
4.3
EPSS Score
0.01
Published
2007-08-03
TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic.
CVSS Score
7.8
EPSS Score
0.004
Published
2007-08-03
TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file.
CVSS Score
1.2
EPSS Score
0.002
Published
2006-09-11
Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma.
CVSS Score
6.8
EPSS Score
0.001
Published
2006-06-05
Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface.
CVSS Score
7.5
EPSS Score
0.069
Published
2006-06-05
Page 23