cvelistv5 - cve-2021-28828

CVE-2021-28828 (GCVE-0-2021-28828)

Vulnerability from cvelistv5

Published

2021-04-20 18:30

Modified

2024-09-16 18:54

Severity ?

7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

CWE

Successful execution of this vulnerability may result in unauthorized read, update, insert or delete access to TIBCO Administrator data on the affected system.

Summary

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a SQL injection attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1.

References

URL

Tags

	http://www.tibco.com/services/support/advisories	x_refsource_CONFIRM
	https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28828	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

TIBCO Software Inc.

TIBCO Administrator - Enterprise Edition

Version: unspecified <

TIBCO Software Inc.	TIBCO Administrator - Enterprise Edition	Version: 5.11.0 Version: 5.11.1
TIBCO Software Inc.	TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric	Version: unspecified <
TIBCO Software Inc.	TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric	Version: 5.11.0 Version: 5.11.1
TIBCO Software Inc.	TIBCO Administrator - Enterprise Edition for z/Linux	Version: unspecified <
TIBCO Software Inc.	TIBCO Administrator - Enterprise Edition for z/Linux	Version: 5.11.0 Version: 5.11.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:55:11.793Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28828"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO Administrator - Enterprise Edition",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "5.10.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Administrator - Enterprise Edition",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "5.11.0"
            },
            {
              "status": "affected",
              "version": "5.11.1"
            }
          ]
        },
        {
          "product": "TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "5.10.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "5.11.0"
            },
            {
              "status": "affected",
              "version": "5.11.1"
            }
          ]
        },
        {
          "product": "TIBCO Administrator - Enterprise Edition for z/Linux",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "5.10.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Administrator - Enterprise Edition for z/Linux",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "5.11.0"
            },
            {
              "status": "affected",
              "version": "5.11.1"
            }
          ]
        }
      ],
      "datePublic": "2021-04-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Administration GUI component of TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a SQL injection attack on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Successful execution of this vulnerability may result in unauthorized read, update, insert or delete access to TIBCO Administrator data on the affected system.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-20T19:06:16.000Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28828"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Administrator - Enterprise Edition versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "TIBCO Administrator SQL injection vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2021-04-20T17:00:00Z",
          "ID": "CVE-2021-28828",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Administrator SQL injection vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO Administrator - Enterprise Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "5.10.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Administrator - Enterprise Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.11.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.11.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "5.10.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.11.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.11.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Administrator - Enterprise Edition for z/Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "5.10.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Administrator - Enterprise Edition for z/Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.11.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.11.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Administration GUI component of TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a SQL injection attack on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Successful execution of this vulnerability may result in unauthorized read, update, insert or delete access to TIBCO Administrator data on the affected system."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28828",
              "refsource": "CONFIRM",
              "url": "https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28828"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Administrator - Enterprise Edition versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.10.2 and below update to version 5.10.3 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher"
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2021-28828",
    "datePublished": "2021-04-20T18:30:17.807Z",
    "dateReserved": "2021-03-18T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:54:24.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-28828 (GCVE-0-2021-28828)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature