Auto-merge PR#3151

2025-08-04 08:44:25 +00:00 · 2020-01-28 13:15:21 -05:00 · 2020-01-28 13:15:21 -05:00 · 676d8e5075
commit 676d8e5075
parent 8e0b60f70e 6d876182fb
1 changed files with 95 additions and 0 deletions
--- a/2019/17xxx/CVE-2019-17338.json
+++ b/2019/17xxx/CVE-2019-17338.json
@ -0,0 +1,95 @@
+{
+	"CVE_data_meta": {
+		"ASSIGNER": "security@tibco.com",
+		"DATE_PUBLIC": "2020-01-28T17:00:00Z",
+		"ID": "CVE-2019-17338",
+		"STATE": "PUBLIC",
+		"TITLE": "TIBCO Patterns - Search Exposes Cross Site Scripting Vulnerabilities"
+	},
+	"affects": {
+		"vendor": {
+			"vendor_data": [
+				{
+					"product": {
+						"product_data": [
+							{
+								"product_name": "TIBCO Patterns - Search",
+								"version": {
+									"version_data": [
+										{
+											"version_affected": "<=",
+											"version_value": "5.4.0"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name": "TIBCO Software Inc."
+				}
+			]
+		}
+	},
+	"data_format": "MITRE",
+	"data_type": "CVE",
+	"data_version": "4.0",
+	"description": {
+		"description_data": [
+			{
+				"lang": "eng",
+				"value": "The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below.\n"
+			}
+		]
+	},
+	"impact": {
+		"cvss": {
+			"attackComplexity": "LOW",
+			"attackVector": "NETWORK",
+			"availabilityImpact": "NONE",
+			"baseScore": 7.3,
+			"baseSeverity": "HIGH",
+			"confidentialityImpact": "HIGH",
+			"integrityImpact": "HIGH",
+			"privilegesRequired": "LOW",
+			"scope": "UNCHANGED",
+			"userInteraction": "REQUIRED",
+			"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+			"version": "3.0"
+		}
+	},
+	"problemtype": {
+		"problemtype_data": [
+			{
+				"description": [
+					{
+						"lang": "eng",
+						"value": "The impact of these vulnerabilities includes the theoretical possibility that an attacker could gain all privileges available via the affected component."
+					}
+				]
+			}
+		]
+	},
+	"references": {
+		"reference_data": [
+			{
+				"name": "https://www.tibco.com/support/advisories/2020/01/tibco-security-advisory-january-28-2020-tibco-patterns",
+				"refsource": "CONFIRM",
+				"url": "https://www.tibco.com/support/advisories/2020/01/tibco-security-advisory-january-28-2020-tibco-patterns"
+			},
+			{
+				"name": "http://www.tibco.com/services/support/advisories",
+				"refsource": "CONFIRM",
+				"url": "http://www.tibco.com/services/support/advisories"
+			}
+		]
+	},
+	"solution": [
+		{
+			"lang": "eng",
+			"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Patterns - Search versions 5.4.0 and below update to version 5.5.0 or higher"
+		}
+	],
+	"source": {
+		"discovery": "INTERNAL"
+	}
+}