admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Publish TIBCO FTL vulnerability CVE-2019-11209.

Browse Source
This commit is contained in:
Eric Johnson 2019-08-19 18:29:38 -07:00
parent f712d1596b
commit df57026b67
No known key found for this signature in database
GPG Key ID: 59CD96D148FE29B0
1 changed files with 127 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

132
2019/11xxx/CVE-2019-11209.json
View File

@ -1,18 +1,138 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-08-20T16:00:00.000Z",
"ID": "CVE-2019-11209", "ID": "CVE-2019-11209",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "TIBCO FTL Escalation Of Privileges for Realm Configuration"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO FTL Community Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.0.0"
},
{
"version_affected": "=",
"version_value": "6.0.1"
},
{
"version_affected": "=",
"version_value": "6.1.0"
}
]
}
},
{
"product_name": "TIBCO FTL Developer Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.0.1"
},
{
"version_affected": "=",
"version_value": "6.1.0"
}
]
}
},
{
"product_name": "TIBCO FTL Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.0.0"
},
{
"version_affected": "=",
"version_value": "6.0.1"
},
{
"version_affected": "=",
"version_value": "6.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls.\n\nThis issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0.\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to the contents of all messages in the FTL realm, manipulate the contents of the messages, and deny access to sending messages."
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-20-2019-tibco-ftl"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO FTL Community Edition versions 6.0.0, 6.0.1 and 6.1.0 update to version 6.2.0 or higher.\nTIBCO FTL Developer Edition versions 6.0.1 and 6.1.0 update to version 6.2.0 or higher.\nTIBCO FTL Enterprise Edition versions 6.0.0, 6.0.1 and 6.1.0 update to version 6.2.0 or higher.\n"
}
],
"source": {
"discovery": "INTERNAL"
}
} }