Vulnerability Details: CVE-2015-4555
Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2015-4555
- cpe:2.3:a:tibco:rendezvous:*:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:rendezvous_network_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:substation_es:*:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:messaging_appliance:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4555
3.46%: Probability of exploitation activity in the next 30 days
~90%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4555
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2015-4555
- http://www.securitytracker.com/id/1033677
  TIBCO Rendezvous Buffer Overflows Let Remote Users Deny Service or Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.tibco.com/mk/advisory.jsp
  Advisory | TIBCO Software (Vendor Advisory)
- http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt
  TIBCO Security Advisory: August 25, 2015 - TIBCO Rendezvous® | TIBCO Software (Vendor Advisory)