CVE-2007-5545

Format string vulnerability in TIBCO SmartPGM FX allows remote attackers to execute arbitrary code via format string specifiers in unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/45276
http://securityreason.com/securityalert/3249
http://www.irmplc.com/index.php/111-Vendor-Alerts
http://www.securityfocus.com/archive/1/482353/100/0/threaded
http://www.securityfocus.com/bid/26092

Configurations

Configuration 1 (hide)

cpe:2.3:a:tibco:smart_pgm_fx:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-10-18 20:17

Updated : 2023-12-10 10:40

NVD link : CVE-2007-5545

Mitre link : CVE-2007-5545

CVE.ORG link : CVE-2007-5545

JSON object : View

Products Affected

tibco

smart_pgm_fx

CWE

CWE-134

Use of Externally-Controlled Format String

{"id": "CVE-2007-5545", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-10-18T20:17:00.000", "references": [{"url": "http://osvdb.org/45276", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3249", "source": "cve@mitre.org"}, {"url": "http://www.irmplc.com/index.php/111-Vendor-Alerts", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/482353/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26092", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in TIBCO SmartPGM FX allows remote attackers to execute arbitrary code via format string specifiers in unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."}, {"lang": "es", "value": "Vulnerabilidad de cadena de formato en TIBCO SmartPGM FX permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados. NOTA: a fecha de 16/10/2007, la \u00fanica revelaci\u00f3n es un preaviso vago sin informaci\u00f3n de uso inmediato. Sin embargo, dado que proviene de un investigador reputado, se le ha asignado un identificador CVE con prop\u00f3sitos de seguimiento."}], "lastModified": "2018-10-15T21:45:36.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:smart_pgm_fx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F1AD267-E214-44CF-B03F-0EAD5344440E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}