admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-07 13:37:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#2447

Browse Source 
Auto-merge PR#2447
This commit is contained in:
CVE Team 2019-08-20 13:25:10 -04:00 committed by GitHub
commit 0dd2a9078a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 127 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

134
2019/11xxx/CVE-2019-11209.json
View File

@ -1,18 +1,138 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-08-20T16:00:00.000Z",
"ID": "CVE-2019-11209",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "TIBCO FTL Escalation Of Privileges for Realm Configuration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO FTL Community Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.0.0"
},
{
"version_affected": "=",
"version_value": "6.0.1"
},
{
"version_affected": "=",
"version_value": "6.1.0"
}
]
}
},
{
"product_name": "TIBCO FTL Developer Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.0.1"
},
{
"version_affected": "=",
"version_value": "6.1.0"
}
]
}
},
{
"product_name": "TIBCO FTL Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.0.0"
},
{
"version_affected": "=",
"version_value": "6.0.1"
},
{
"version_affected": "=",
"version_value": "6.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls.\n\nThis issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0.\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to the contents of all messages in the FTL realm, manipulate the contents of the messages, and deny access to sending messages."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-20-2019-tibco-ftl"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO FTL Community Edition versions 6.0.0, 6.0.1 and 6.1.0 update to version 6.2.0 or higher.\nTIBCO FTL Developer Edition versions 6.0.1 and 6.1.0 update to version 6.2.0 or higher.\nTIBCO FTL Enterprise Edition versions 6.0.0, 6.0.1 and 6.1.0 update to version 6.2.0 or higher.\n"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}