CVE-2021-28818 – TIBCO Rendezvous Windows Platform Artifact Search vulnerability
https://notcve.org/view.php?id=CVE-2021-28818
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.' • http://www.tibco.com/services/support/advisories •
CVE-2021-28817 – TIBCO Rendezvous Windows Platform Installation vulnerability
https://notcve.org/view.php?id=CVE-2021-28817
The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.' • http://www.tibco.com/services/support/advisories •
CVE-2018-12414 – TIBCO Rendezvous Vulnerable to CSRF Attacks
https://notcve.org/view.php?id=CVE-2018-12414
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2. Los componentes Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache) y Rendezvous Daemon Manager (rvdm) de TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server y TIBCO Substation ES, de TIBCO Software Inc., contiene vulnerabilidades que podrían permitir que un atacante realice ataques de Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/105871 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-4555
https://notcve.org/view.php?id=CVE-2015-4555
Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components. Desbordamiento de buffer en la interfaz administrativa HTTP en TIBCO Rendezvous en versiones anteriores a 8.4.4, Rendezvous Network Server en versiones anteriores a 1.1.1, Substation ES en versiones anteriores a 2.9.0 y Messaging Appliance en versiones anteriores a 8.7.2, permite a atacantes remotos causar una denegación de servicio o posiblemente ejecutar código arbitrario a través de vectores no especificados, relacionado con los componentes Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva) y Relay Agent (rvrad). • http://www.securitytracker.com/id/1033677 http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt http://www.tibco.com/mk/advisory.jsp •
CVE-2014-2541
https://notcve.org/view.php?id=CVE-2014-2541
The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors. El demonio de Rendezvous (rvd), el demonio de Rendezvous Routing (rvrd), el demonio de Rendezvous Secure (rvsd) y el demonio de Rendezvous Secure Routing (rvsrd) en TIBCO Rendezvous anterior a 8.4.2, Messaging Appliance anterior a 8.7.1 y Substation ES anterior a 2.8.1 no implementan debidamente control de acceso, lo que permite a atacantes remotos obtener información sensible o modificar información transmitida a través de vectores no especificados. • http://www.securitytracker.com/id/1030070 http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt • CWE-264: Permissions, Privileges, and Access Controls •