CVE-2018-5432 (GCVE-0-2018-5432)
Vulnerability from cvelistv5
Published
2018-06-13 13:00
Modified
2024-09-17 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- The impact of the vulnerability includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user. The impact also theoretically includes access to all administrative information, including deployment variable settings ("global variables")
Summary
The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Administrator - Enterprise Edition |
Version: unspecified < |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104458",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104458"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Administrator - Enterprise Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Administrator - Enterprise Edition for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.9.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox for discovery of this vulnerability."
}
],
"datePublic": "2018-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Administrator server component of of TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of the vulnerability includes the theoretical possibility of a user performing operations using another user\u0027s access, including administrative functions being performed by a non-administrative user. The impact also theoretically includes access to all administrative information, including deployment variable settings (\"global variables\")",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-14T09:57:01.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"name": "104458",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104458"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nFor each affected system, update to the corresponding software versions:\nTIBCO Administrator - Enterprise Edition versions 5.10.0 and below update to version 5.10.1 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.9.1 and below update to version 5.10.1 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "TIBCO Administrator - Enterprise Edition Cross-Site Scripting Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-06-12T16:00:00.000Z",
"ID": "CVE-2018-5432",
"STATE": "PUBLIC",
"TITLE": "TIBCO Administrator - Enterprise Edition Cross-Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Administrator - Enterprise Edition",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "5.10.0"
}
]
}
},
{
"product_name": "TIBCO Administrator - Enterprise Edition for z/Linux",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "5.9.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIBCO Administrator server component of of TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of the vulnerability includes the theoretical possibility of a user performing operations using another user\u0027s access, including administrative functions being performed by a non-administrative user. The impact also theoretically includes access to all administrative information, including deployment variable settings (\"global variables\")"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104458"
},
{
"name": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nFor each affected system, update to the corresponding software versions:\nTIBCO Administrator - Enterprise Edition versions 5.10.0 and below update to version 5.10.1 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.9.1 and below update to version 5.10.1 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-5432",
"datePublished": "2018-06-13T13:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:05:57.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…