VIR Vulnerability Intelligence Relay

CVE-2015-7912

critical
Published 2015-11-21 · Modified 2026-05-06
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

The Ice Faces servlet in ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML document.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: ics-cert@hq.dhs.gov — https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01

Application impact
VendorProductVersionsFixed
tibboaggregate{"endIncluding":"5.21.02"}

References

Verify integrity in audit chain (admin only). AS-IS.