Merge branch 'TIBCO-Spotfire-Statistics-Services-RCE' of https://github.com/TIBCOSoftware/cvelist

2018/12xxx/CVE-2018-12410.json

@@ -1,8 +1,34 @@
 {
    "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "security@tibco.com",
+      "DATE_PUBLIC" : "2018-10-10T16:00:00.000Z",
       "ID" : "CVE-2018-12410",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC",
+      "TITLE" : "TIBCO Spotfire Statistics Services remote execution vulnerabilities"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "TIBCO Spotfire Statistics Services",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "affected" : "<=",
+                                 "version_value" : "7.11.0"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "TIBCO Software Inc."
+            }
+         ]
+      }
    },
    "data_format" : "MITRE",
    "data_type" : "CVE",
@@ -11,8 +37,55 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component.\nAffected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0."
          }
       ]
+   },
+   "impact" : {
+      "cvss" : {
+         "attackComplexity" : "LOW",
+         "attackVector" : "NETWORK",
+         "availabilityImpact" : "HIGH",
+         "baseScore" : 9.8,
+         "baseSeverity" : "CRITICAL",
+         "confidentialityImpact" : "HIGH",
+         "integrityImpact" : "HIGH",
+         "privilegesRequired" : "NONE",
+         "scope" : "UNCHANGED",
+         "userInteraction" : "NONE",
+         "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+         "version" : "3.0"
+      }
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "The impact of this vulnerability includes the theoretical possibility of unrestricted remote access to the operating system account hosting the web server component."
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "http://www.tibco.com/services/support/advisories"
+         },
+         {
+            "url" : "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics"
+         }
+      ]
+   },
+   "solution" : [
+      {
+         "lang" : "eng",
+         "value" : "TIBCO has released updated versions of the affected components which address these issues.\n\nIn addition to the updates, security related configuration changes may be required due to new defaults. Please review the documentation.\n\nFor each affected system, update to the corresponding software versions:\n- TIBCO Spotfire Statistics Services versions 7.11.0 and below update to version 7.11.1 or higher\n"
+      }
+   ],
+   "source" : {
+      "discovery" : "INTERNAL"
    }
 }