Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX

From: "Andy Davis" <andy.davis () irmplc com>
Date: Tue, 16 Oct 2007 17:25:59 +0100
IRM have discovered six critical remote vulnerabilities in TIBCO SmartPGM FX. Five of these vulnerabilities could 
potentially result in an attacker gaining remote administrative control of the server on which SmartPGM FX is running 
and therefore, also allow access to any data stored on or being communicated by the server.

The final vulnerability, a Denial of Service attack, would stop the SmartPGM FX service so that file transfers could 
not be performed.

More information can be found at the following location:

http://www.irmplc.com/index.php/111-Vendor-Alerts

Once TIBCO has produced either workarounds or patches to mitigate these vulnerabilities, IRM will release advisories 
which will include full technical details.



Andy DavisĀ | Chief Research Officer

Information Risk Management Plc
8th Floor | Kings Building | Smith Square | London SW1P 3JJ
Tel: +44 (0) 1242 225 205
Fax: +44 (0) 1242 225 215
www.irmplc.com

The information contained in this email is privileged and confidential and is intended only for the use of the 
addressee. Unauthorised disclosure, copying or distribution of the contents is strictly prohibited. Please reply 
immediately if you receive this email in error and then immediately delete it from your system.

Where relevant, any quotation contained within this email is exclusive of VAT at the current rate and valid for 30 days 
from the date of this email. Information Risk Management Plc (IRM) does not authorise the creation of contracts on its 
behalf by email. All information contained within this email and its attachments are subject to IRM's standard terms 
and conditions, a copy of which is available upon request.

All attachments have been scanned for viruses using regularly updated programs. IRM cannot accept liability for any 
damage you incur as a result of virus infection and we advise that you should carry out such virus and other checks as 
you consider appropriate.
IRM is a company registered in England with company number 3612719. The above address is the official registered office 
of IRM.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: