CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-12414 – TIBCO Rendezvous Vulnerable to CSRF Attacks
https://notcve.org/view.php?id=CVE-2018-12414
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2. Los componentes Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache) y Rendezvous Daemon Manager (rvdm) de TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server y TIBCO Substation ES, de TIBCO Software Inc., contiene vulnerabilidades que podrían permitir que un atacante realice ataques de Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/105871 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2015-4555
https://notcve.org/view.php?id=CVE-2015-4555
Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components. Desbordamiento de buffer en la interfaz administrativa HTTP en TIBCO Rendezvous en versiones anteriores a 8.4.4, Rendezvous Network Server en versiones anteriores a 1.1.1, Substation ES en versiones anteriores a 2.9.0 y Messaging Appliance en versiones anteriores a 8.7.2, permite a atacantes remotos causar una denegación de servicio o posiblemente ejecutar código arbitrario a través de vectores no especificados, relacionado con los componentes Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva) y Relay Agent (rvrad). • http://www.securitytracker.com/id/1033677 http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt http://www.tibco.com/mk/advisory.jsp •