TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: April 19, 2016 - TIBCO Enterprise Message Service™
TIBCO Enterprise Message Service™ vulnerability
Original release date: April 19, 2016
Last revised: --
Source: TIBCO Software Inc.
The TIBCO EMS components listed below contain a buffer overflow in the processing of inbound data.
- TIBCO Enterprise Message Service (EMS) 8.2.2 and below
- TIBCO Enterprise Message Service Appliance 2.3.1 and below
The following components are affected:
- TIBCO EMS Server (tibemsd)
The impact of this vulnerability includes the theoretical possibility of remote command execution.
- CVSS v2 Base Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
TIBCO has released updated versions of the affected components which address these issues.
For each affected system, update to the corresponding software versions:
- TIBCO Enterprise Message Service (EMS) 8.3.0 or higher
- TIBCO Enterprise Message Service Appliance 2.4.0 or higher