ID

VAR-201604-0309


CVE

CVE-2016-3628


TITLE

Buffer overflow vulnerability in tibemsd in TIBCO Enterprise Message Service and EMS Appliance servers

Trust: 0.8

sources: JVNDB: JVNDB-2016-002143

DESCRIPTION

Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data.

Multiple TIBCO products are prone to a buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. The following TIBCO products are affected: TIBCO Enterprise Message Service (EMS) 8.2.2 and prior versions, and TIBCO Enterprise Message Service Appliance 2.3.1 and prior versions.

TIBCO EMS is standards-based message middleware for simplifying and accelerating integration and data distribution management in high-performance enterprise environments; EMS Appliance is a message middleware product. There is a buffer overflow vulnerability in tibemsd in servers of TIBCO EMS 8.2.2 and earlier versions and EMS Appliance 2.3.1 and earlier versions.

Trust: 1.98

sources: NVD: CVE-2016-3628 // JVNDB: JVNDB-2016-002143 // BID: 86816 // VULHUB: VHN-92447

AFFECTED PRODUCTS

vendor: tibco, model: enterprise message service appliance, scope: lte, version: 2.3.1

Trust: 1.0

vendor: tibco, model: enterprise message service, scope: lte, version: 8.2.2

Trust: 1.0

vendor: tibco, model: enterprise message service, scope: lt, version: 8.3.0

Trust: 0.8

vendor: tibco, model: enterprise message service appliance, scope: lt, version: 2.4.0

Trust: 0.8

vendor: tibco, model: enterprise message service appliance, scope: eq, version: -

Trust: 0.6

vendor: tibco, model: enterprise message service, scope: eq, version: 8.2.2

Trust: 0.6

sources: JVNDB: JVNDB-2016-002143 // CNNVD: CNNVD-201604-507 // NVD: CVE-2016-3628

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-3628
value: HIGH

Trust: 1.0

NVD: CVE-2016-3628
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201604-507
value: MEDIUM

Trust: 0.6

VULHUB: VHN-92447
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-3628
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-92447
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-3628
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-92447 // JVNDB: JVNDB-2016-002143 // CNNVD: CNNVD-201604-507 // NVD: CVE-2016-3628

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-92447 // JVNDB: JVNDB-2016-002143 // NVD: CVE-2016-3628

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-507

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201604-507

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002143

PATCH

title: Security Advisories for TIBCO Products (April 19, 2016)
url: http://www.tibco.com/services/support/advisories

Trust: 0.8

title: TIBCO Enterprise Message Service vulnerability
url: http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt

Trust: 0.8

title: TIBCO Enterprise Message Service and EMS Appliance Buffer Overflow Vulnerability Fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61196

Trust: 0.6

sources: JVNDB: JVNDB-2016-002143 // CNNVD: CNNVD-201604-507

EXTERNAL IDS

db: NVD, id: CVE-2016-3628

Trust: 2.8

db: JVNDB, id: JVNDB-2016-002143

Trust: 0.8

db: CNNVD, id: CNNVD-201604-507

Trust: 0.6

db: BID, id: 86816

Trust: 0.4

db: VULHUB, id: VHN-92447

Trust: 0.1

sources: VULHUB: VHN-92447 // BID: 86816 // JVNDB: JVNDB-2016-002143 // CNNVD: CNNVD-201604-507 // NVD: CVE-2016-3628

REFERENCES

url: http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt

Trust: 1.7

url: http://www.tibco.com/mk/advisory.jsp

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3628

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3628

Trust: 0.8

url: http://www.tibco.com/index.html

Trust: 0.3

sources: VULHUB: VHN-92447 // BID: 86816 // JVNDB: JVNDB-2016-002143 // CNNVD: CNNVD-201604-507 // NVD: CVE-2016-3628

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 86816

SOURCES

db: VULHUB, id: VHN-92447
db: BID, id: 86816
db: JVNDB, id: JVNDB-2016-002143
db: CNNVD, id: CNNVD-201604-507
db: NVD, id: CVE-2016-3628

LAST UPDATE DATE

2025-04-13T23:26:38.709000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-92447, date: 2016-05-18T00:00:00
db: BID, id: 86816, date: 2016-04-20T00:00:00
db: JVNDB, id: JVNDB-2016-002143, date: 2016-04-22T00:00:00
db: CNNVD, id: CNNVD-201604-507, date: 2016-04-21T00:00:00
db: NVD, id: CVE-2016-3628, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-92447, date: 2016-04-20T00:00:00
db: BID, id: 86816, date: 2016-04-20T00:00:00
db: JVNDB, id: JVNDB-2016-002143, date: 2016-04-22T00:00:00
db: CNNVD, id: CNNVD-201604-507, date: 2016-04-21T00:00:00
db: NVD, id: CVE-2016-3628, date: 2016-04-20T10:59:00.113