admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#3155

Browse Source 
Auto-merge PR#3155
This commit is contained in:
CVE Team 2020-01-29 10:55:15 -05:00 committed by GitHub
commit 9a4746c6b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 122 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

193
2018/12xxx/CVE-2018-12415.json
View File

@ -1,72 +1,123 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"ID": "CVE-2018-12415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Messaging Service, TIBCO Enterprise Messaging Service - Community Edition, and TIBCO Enterprise Messaging Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Messaging Service: versions up to and including 8.4.0, TIBCO Enterprise Messaging Service - Community Edition: versions up to and including 8.4.0, and TIBCO Enterprise Messaging Service - Developer Edition versions up to and including 8.4.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
},
{
"name": "105850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105850"
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-11-06T17:00:00Z",
"UPDATED": "2020-01-28T17:00:00Z",
"ID": "CVE-2018-12415",
"STATE": "PUBLIC",
"TITLE": "TIBCO Enterprise Message Service Vulnerable to CSRF Attacks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Enterprise Message Service",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.4.0"
}
]
}
},
{
"product_name": "TIBCO Enterprise Message Service - Community Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.4.0"
}
]
}
},
{
"product_name": "TIBCO Enterprise Message Service - Developer Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.4.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.\n"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In deployments of TIBCO Enterprise Message Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
},
{
"name": "105850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105850"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.4.0 and below update to version 8.4.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}