IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX

To: <bugtraq@xxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX
From: "Andy Davis" <andy.davis@xxxxxxxxxx>
Date: Tue, 16 Oct 2007 17:25:59 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcgQETxWBAewk9uPQAeaxoFe98U4vA==
Thread-topic: IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX

IRM have discovered six critical remote vulnerabilities in TIBCO SmartPGM FX. 
Five of these vulnerabilities could potentially result in an attacker gaining 
remote administrative control of the server on which SmartPGM FX is running and 
therefore, also allow access to any data stored on or being communicated by the 
server.

The final vulnerability, a Denial of Service attack, would stop the SmartPGM FX 
service so that file transfers could not be performed.

More information can be found at the following location:

http://www.irmplc.com/index.php/111-Vendor-Alerts

Once TIBCO has produced either workarounds or patches to mitigate these 
vulnerabilities, IRM will release advisories which will include full technical 
details.



Andy Davis | Chief Research Officer

Information Risk Management Plc
8th Floor | Kings Building | Smith Square | London SW1P 3JJ
Tel: +44 (0) 1242 225 205
Fax: +44 (0) 1242 225 215
www.irmplc.com

The information contained in this email is privileged and confidential and is 
intended only for the use of the addressee. Unauthorised disclosure, copying or 
distribution of the contents is strictly prohibited. Please reply immediately 
if you receive this email in error and then immediately delete it from your 
system.

Where relevant, any quotation contained within this email is exclusive of VAT 
at the current rate and valid for 30 days from the date of this email. 
Information Risk Management Plc (IRM) does not authorise the creation of 
contracts on its behalf by email. All information contained within this email 
and its attachments are subject to IRM's standard terms and conditions, a copy 
of which is available upon request.

All attachments have been scanned for viruses using regularly updated programs. 
IRM cannot accept liability for any damage you incur as a result of virus 
infection and we advise that you should carry out such virus and other checks 
as you consider appropriate.
IRM is a company registered in England with company number 3612719. The above 
address is the official registered office of IRM.

Prev by Date: RE: playing for fun with <=IE7
Next by Date: FW: [Dailydave] Canada's Response to Black Hat - SecTor 2007
Previous by thread: about phpMyAdmin setup.php XSS vulnerability
Next by thread: FW: [Dailydave] Canada's Response to Black Hat - SecTor 2007
Index(es):
- Date
- Thread