Publication of CVE for TIBCO Data Virtualization.

2025-08-04 08:44:25 +00:00 · 2018-06-20 09:27:23 -07:00 · 2018-06-20 09:27:23 -07:00 · ad1d1c90ee
commit ad1d1c90ee
parent f90af5ae23
1 changed files with 86 additions and 12 deletions
--- a/2018/5xxx/CVE-2018-5428.json
+++ b/2018/5xxx/CVE-2018-5428.json
@ -1,18 +1,92 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-5428",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "security@tibco.com",
+      "DATE_PUBLIC": "2018-06-20T16:00:00.000Z",
+      "ID": "CVE-2018-5428",
+      "STATE": "PUBLIC",
+      "TITLE": "TIBCO Data Virtualization Command Injection Vulnerability"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "TIBCO Data Virtualization",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "=",
+                                 "version_value": "7.0.5"
+                              },
+                              {
+                                 "affected": "=",
+                                 "version_value": "7.0.6"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "TIBCO Software Inc."
+            }
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution.\nAffected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6."
         }
      ]
+   },
+   "impact": {
+      "cvss": {
+         "attackComplexity": "LOW",
+         "attackVector": "NETWORK",
+         "availabilityImpact": "HIGH",
+         "baseScore": 8.8,
+         "baseSeverity": "HIGH",
+         "confidentialityImpact": "HIGH",
+         "integrityImpact": "HIGH",
+         "privilegesRequired": "LOW",
+         "scope": "UNCHANGED",
+         "userInteraction": "NONE",
+         "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+         "version": "3.0"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "The impact of the vulnerability includes the theoretical possibility of disclosing contents of files on the host machine that are accessible to the operating system account used to run the affected component."
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization"
+         }
+      ]
+   },
+   "solution": [
+      {
+         "lang": "eng",
+         "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n* TIBCO Data Virtualization versions 7.0.5 and 7.0.6 update to version 7.0.7 or higher.\n"
+      }
+   ],
+   "source": {
+      "discovery": "USER"
   }
-}
+}