CWE-863

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g. device serial number). Having those info, a possible loginId can be self-calculated in a brute force attack against BMX interface. This is usable and part of an attack chain to gain SSH root access.

The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known (default:admin) whereas no previous authentication is required.

The Windows Installation component of TIBCO Software Inc.’s TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, and TIBCO FTL – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO FTL – Community Edition: versions 6.5.0 and below, TIBCO FTL – Developer Edition: versions 6.5.0 and below, and TIBCO FTL – Enterprise Edition: versions 6.5.0 and below.

The Windows Installation component of TIBCO Software Inc.’s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service – Community Edition, and TIBCO Enterprise Message Service – Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service – Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service – Developer Edition: versions 8.5.1 and below.

The Windows Installation component of TIBCO Software Inc.’s TIBCO eFTL – Community Edition, TIBCO eFTL – Developer Edition, and TIBCO eFTL – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO eFTL – Community Edition: versions 6.5.0 and below, TIBCO eFTL – Developer Edition: versions 6.5.0 and below, and TIBCO eFTL – Enterprise Edition: versions 6.5.0 and below.

The Windows Installation component of TIBCO Software Inc.’s TIBCO ActiveSpaces – Community Edition, TIBCO ActiveSpaces – Developer Edition, and TIBCO ActiveSpaces – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO ActiveSpaces – Community Edition: versions 4.5.0 and below, TIBCO ActiveSpaces – Developer Edition: versions 4.5.0 and below, and TIBCO ActiveSpaces – Enterprise Edition: versions 4.5.0 and below.