CVE-2021-28818: TIBCO Rendezvous Windows Platform Artifact Search vulnerability
First published: Tue Mar 23 2021(Updated: )
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.
Credit: security@tibco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TIBCO Rendezvous | <=8.5.1 | |
| TIBCO Rendezvous | <=8.5.1 | |
| Microsoft Windows |
Remedy
TIBCO has released updated versions of the affected components which address these issues. TIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher TIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/title
- agent/severity
- agent/author
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/tibco
- canonical/tibco rendezvous
- version/tibco rendezvous/8.5.1
- vendor/microsoft
- canonical/microsoft windows