Publication of advisories for TIBCO Messaging suite products.

Eric Johnson 2018-11-06 09:38:08 -08:00
parent 8836ffb4bd
commit a6544163b5
No known key found for this signature in database
GPG Key ID: 59CD96D148FE29B0
5 changed files with 556 additions and 15 deletions


@ -1,8 +1,100 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2018-11-06T17:00:00.000Z",
"ID" : "CVE-2018-12411",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "TIBCO ActiveSpaces Administrative Daemon Vulnerable to CSRF Attacks"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TIBCO ActiveSpaces - Community Edition",
"version" : {
"version_data" : [
{
"affected" : "=",
"version_value" : "3.3.0"
},
{
"affected" : "=",
"version_value" : "3.4.0"
},
{
"affected" : "=",
"version_value" : "3.5.0"
}
]
}
},
{
"product_name" : "TIBCO ActiveSpaces - Developer Edition",
"version" : {
"version_data" : [
{
"affected" : "=",
"version_value" : "3.0.0"
},
{
"affected" : "=",
"version_value" : "3.1.0"
},
{
"affected" : "=",
"version_value" : "3.3.0"
},
{
"affected" : "=",
"version_value" : "3.4.0"
},
{
"affected" : "=",
"version_value" : "3.5.0"
}
]
}
},
{
"product_name" : "TIBCO ActiveSpaces - Enterprise Edition",
"version" : {
"version_data" : [
{
"affected" : "=",
"version_value" : "3.0.0"
},
{
"affected" : "=",
"version_value" : "3.1.0"
},
{
"affected" : "=",
"version_value" : "3.2.0"
},
{
"affected" : "=",
"version_value" : "3.3.0"
},
{
"affected" : "=",
"version_value" : "3.4.0"
},
{
"affected" : "=",
"version_value" : "3.5.0"
}
]
}
}
]
},
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +103,55 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition allows contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.\n\nAffected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "In deployments that use the administrative daemon, there is a theoretical possibility that an attacker could gain full administrative access to the data grid, including the possibility of deleting data tables, and removing nodes from operation."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-activespaces"
},
{
"url" : "http://www.tibco.com/services/support/advisories"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveSpaces - Community Edition versions 3.3.0, 3.4.0, and 3.5.0 update to version 3.5.1 or higher\nTIBCO ActiveSpaces - Developer Edition versions 3.0.0, 3.1.0, 3.3.0, 3.4.0, and 3.5.0 update to version 3.5.1 or higher\nTIBCO ActiveSpaces - Enterprise Edition versions 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, and 3.5.0 update to version 3.5.1 or higher.\n"
}
],
"source" : {
"discovery" : "INTERNAL"
}
}
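Review bot: The new description value in the second hunk reads `allows contains a vulnerability`; a verb was left over from an edit and the sentence should read `... TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker ...`, matching the four sibling records in this commit. Separately, `problemtype_data` here carries an impact narrative rather than a weakness class; downstream consumers read that field for the CWE, so the CSRF weakness (`CWE-352`) belongs there and the narrative fits better alongside the `impact` object or in the description. The same problemtype usage is repeated in the CVE-2018-12412, CVE-2018-12413, CVE-2018-12414 and CVE-2018-12415 records of this commit. The secondary reference is `http://www.tibco.com/services/support/advisories` while the primary is `https://`; if the host serves it over TLS, the `https://` form avoids a plaintext fetch of the advisory index.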


@ -1,8 +1,56 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2018-11-06T17:00:00.000Z",
"ID" : "CVE-2018-12412",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "TIBCO FTL Realm Server Vulnerable to CSRF Attacks"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TIBCO FTL - Community Edition",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "5.4.0"
}
]
}
},
{
"product_name" : "TIBCO FTL - Developer Edition",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "5.4.0"
}
]
}
},
{
"product_name" : "TIBCO FTL - Enterprise Edition",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "5.4.0"
}
]
}
}
]
},
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +59,55 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.\n\nAffected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.0."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to realm configuration. With such access, the attacker might also be able to gain access to all data sent to endpoints controlled by the realm server."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-ftl"
},
{
"url" : "http://www.tibco.com/services/support/advisories"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO FTL - Community Edition versions 5.4.0 and below update to version 5.4.1 or higher\nTIBCO FTL - Developer Edition versions 5.4.0 and below update to version 5.4.1 or higher\nTIBCO FTL - Enterprise Edition versions 5.4.0 and below update to version 5.4.1 or higher.\n"
}
],
"source" : {
"discovery" : "INTERNAL"
}
}


@ -1,8 +1,45 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2018-11-06T17:00:00.000Z",
"ID" : "CVE-2018-12413",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "TIBCO Messaging - Apache Kafka Distribution - Schema Repository Vulnerable to CSRF Attacks"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition",
"version" : {
"version_data" : [
{
"affected" : "=",
"version_value" : "1.0.0"
}
]
}
},
{
"product_name" : "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition",
"version" : {
"version_data" : [
{
"affected" : "=",
"version_value" : "1.0.0"
}
]
}
}
]
},
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +48,55 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.\n\nAffected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to the configuration of message schemas used with an Apache Kafka deployment. With such access, the attacker could also configure Apache Kafka communications to fail."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository"
},
{
"url" : "http://www.tibco.com/services/support/advisories"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition version 1.0.0 update to version 1.0.1 or higher\nTIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition version 1.0.0 update to version 1.0.1 or higher.\n"
}
],
"source" : {
"discovery" : "UNKNOWN"
}
}
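Review bot: `source.discovery` is `UNKNOWN` in this record while the four sibling records published in the same commit say `INTERNAL`; if the schema-repository issue was also found internally, change it to `"discovery" : "INTERNAL"`, and if the difference is intentional it is fine as is. The description in the second hunk also lists only two products as `Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition`; the comma before `and` is stray for a two-item list.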


@ -1,8 +1,89 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2018-11-06T17:00:00.000Z",
"ID" : "CVE-2018-12414",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "TIBCO Rendezvous Vulnerable to CSRF Attacks"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TIBCO Rendezvous",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "8.4.5"
}
]
}
},
{
"product_name" : "TIBCO Rendezvous Developer Edition",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "8.4.5"
}
]
}
},
{
"product_name" : "TIBCO Rendezvous for z/Linux",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "8.4.5"
}
]
}
},
{
"product_name" : "TIBCO Rendezvous for z/OS",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "8.4.5"
}
]
}
},
{
"product_name" : "TIBCO Rendezvous Network Server",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "1.1.2"
}
]
}
},
{
"product_name" : "TIBCO Substation ES",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "2.12.2"
}
]
}
}
]
},
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +92,55 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks.\nAffected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "The impact of these vulnerabilities includes the theoretical possibility of reconfiguring all messaging handled by TIBCO Rendezvous (RV). With such access, the attacker might also be able to gain access to all data sent via RV."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous"
},
{
"url" : "http://www.tibco.com/services/support/advisories"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Rendezvous versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Developer Edition versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/Linux versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous for z/OS versions 8.4.5 and below update to version 8.4.6 or higher\nTIBCO Rendezvous Network Server versions 1.1.2 and below update to version 1.1.3 or higher\nTIBCO Substation ES versions 2.12.0 and below update to version 2.12.1 or higher\n"
}
],
"source" : {
"discovery" : "INTERNAL"
}
}
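Review bot: The `TIBCO Substation ES` entry under `affects` (`"affected" : "<=", "version_value" : "2.12.2"`) and the description (`versions up to and including 2.12.2`) disagree with the solution text, which says `TIBCO Substation ES versions 2.12.0 and below update to version 2.12.1 or higher`; as written, a user on 2.12.1 or 2.12.2 is told they are affected but given no fixed version to move to. Either the affected bound should be 2.12.0 with 2.12.1 as the fix, or the solution line should read `TIBCO Substation ES versions 2.12.2 and below update to version <FIXED-VERSION> or higher`; which is correct cannot be told from this page, so confirm against the vendor advisory before editing. The description also joins the product list as `TIBCO Rendezvous Network Server, TIBCO Substation ES contain`, missing the `and` the other records use, and separates its two paragraphs with a single `\n` where the ActiveSpaces, FTL and Kafka records use `\n\n`.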


@ -1,8 +1,56 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2018-11-06T17:00:00.000Z",
"ID" : "CVE-2018-12415",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "TIBCO Enterprise Messaging Service Vulnerable to CSRF Attacks"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TIBCO Enterprise Messaging Service",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "8.4.0"
}
]
}
},
{
"product_name" : "TIBCO Enterprise Messaging Service - Community Edition",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "8.4.0"
}
]
}
},
{
"product_name" : "TIBCO Enterprise Messaging Service - Developer Edition",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "8.4.0"
}
]
}
}
]
},
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +59,55 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Messaging Service, TIBCO Enterprise Messaging Service - Community Edition, and TIBCO Enterprise Messaging Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.\nAffected releases are TIBCO Software Inc.'s TIBCO Enterprise Messaging Service: versions up to and including 8.4.0, TIBCO Enterprise Messaging Service - Community Edition: versions up to and including 8.4.0, and TIBCO Enterprise Messaging Service - Developer Edition versions up to and including 8.4.0."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "In deployments of TIBCO Enterprise Messaging Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
},
{
"url" : "http://www.tibco.com/services/support/advisories"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Enterprise Messaging Service versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Messaging Service - Community Edition versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Messaging Service - Developer Edition versions 8.4.0 and below update to version 8.4.1 or higher\n"
}
],
"source" : {
"discovery" : "INTERNAL"
}
}
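Review bot: The description's affected-release list drops the colon after the third product (`TIBCO Enterprise Messaging Service - Developer Edition versions up to and including 8.4.0`) while the two preceding entries use `: versions up to and including`; make the three entries parallel. The same value separates its two paragraphs with a single `\n` whereas the ActiveSpaces, FTL and Kafka records in this commit use `\n\n`, and the solution text ends with `\n` but no final period, unlike those records.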