Auto-merge PR#76

2025-06-19 17:32:41 +00:00 · 2020-11-10 12:50:17 -05:00 · 2020-11-10 12:50:17 -05:00 · 1a2355c2da
commit 1a2355c2da
parent daebf54444 c61e5cd35f
1 changed files with 89 additions and 17 deletions
--- a/2020/27xxx/CVE-2020-27146.json
+++ b/2020/27xxx/CVE-2020-27146.json
@ -1,18 +1,90 @@
 {
-    "data_type": "CVE",
+	"CVE_data_meta": {
-    "data_format": "MITRE",
+		"ASSIGNER": "security@tibco.com",
-    "data_version": "4.0",
+		"DATE_PUBLIC": "2020-11-10T17:00:00Z",
-    "CVE_data_meta": {
+		"ID": "CVE-2020-27146",
-        "ID": "CVE-2020-27146",
+		"STATE": "PUBLIC",
-        "ASSIGNER": "cve@mitre.org",
+		"TITLE": "TIBCO iProcess Workspace Browser CSRF"
-        "STATE": "RESERVED"
+	},
-    },
+	"affects": {
-    "description": {
+		"vendor": {
-        "description_data": [
+			"vendor_data": [
-            {
+				{
-                "lang": "eng",
+					"product": {
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+						"product_data": [
-            }
+							{
-        ]
+								"product_name": "TIBCO iProcess Workspace (Browser)",
-    }
+								"version": {
-}
+									"version_data": [
 										{
 											"version_affected": "<=",
 											"version_value": "11.6.0"
 										}
 									]
 								}
 							}
 						]
 					},
 					"vendor_name": "TIBCO Software Inc."
 				}
 			]
 		}
 	},
 	"data_format": "MITRE",
 	"data_type": "CVE",
 	"data_version": "4.0",
 	"description": {
 		"description_data": [
 			{
 				"lang": "eng",
 				"value": "The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability requires human interaction from an authenticated user other than the attacker.\n\nAffected releases are TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser): versions 11.6.0 and below.\n"
 			}
 		]
 	},
 	"impact": {
 		"cvss": {
 			"attackComplexity": "HIGH",
 			"attackVector": "NETWORK",
 			"availabilityImpact": "LOW",
 			"baseScore": 5,
 			"baseSeverity": "MEDIUM",
 			"confidentialityImpact": "LOW",
 			"integrityImpact": "LOW",
 			"privilegesRequired": "NONE",
 			"scope": "UNCHANGED",
 			"userInteraction": "REQUIRED",
 			"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
 			"version": "3.0"
 		}
 	},
 	"problemtype": {
 		"problemtype_data": [
 			{
 				"description": [
 					{
 						"lang": "eng",
 						"value": "Successful execution of this vulnerability can result in unauthorized read, update, insert or delete access to some of the data in the affected system."
 					}
 				]
 			}
 		]
 	},
 	"references": {
 		"reference_data": [
 			{
 				"name": "http://www.tibco.com/services/support/advisories",
 				"refsource": "CONFIRM",
 				"url": "http://www.tibco.com/services/support/advisories"
 			}
 		]
 	},
 	"solution": [
 		{
 			"lang": "eng",
 			"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO iProcess Workspace (Browser) versions 11.6.0 and below update to version 11.8.0 or higher"
 		}
 	],
 	"source": {
 		"discovery": "INTERNAL"
 	}
 }