Add CVE-2019-17339

2025-06-07 21:47:16 +00:00 · 2020-08-11 12:27:26 -07:00 · 2020-08-11 12:27:26 -07:00 · fe2b8fa8c9
commit fe2b8fa8c9
parent 7d9de6af93
1 changed files with 90 additions and 0 deletions
--- a/2019/17xxx/CVE-2019-17339.json
+++ b/2019/17xxx/CVE-2019-17339.json
@ -0,0 +1,90 @@
+{
+	"CVE_data_meta": {
+		"ASSIGNER": "security@tibco.com",
+		"DATE_PUBLIC": "2020-08-11T17:00:00Z",
+		"ID": "CVE-2019-17339",
+		"STATE": "PUBLIC",
+		"TITLE": "TIBCO Silver Fabric XSS vulerability"
+	},
+	"affects": {
+		"vendor": {
+			"vendor_data": [
+				{
+					"product": {
+						"product_data": [
+							{
+								"product_name": "TIBCO Silver Fabric",
+								"version": {
+									"version_data": [
+										{
+											"version_affected": "<=",
+											"version_value": "6.0.0"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name": "TIBCO Software Inc."
+				}
+			]
+		}
+	},
+	"data_format": "MITRE",
+	"data_type": "CVE",
+	"data_version": "4.0",
+	"description": {
+		"description_data": [
+			{
+				"lang": "eng",
+				"value": "The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below.\n"
+			}
+		]
+	},
+	"impact": {
+		"cvss": {
+			"attackComplexity": "HIGH",
+			"attackVector": "NETWORK",
+			"availabilityImpact": "NONE",
+			"baseScore": 6.8,
+			"baseSeverity": "MEDIUM",
+			"confidentialityImpact": "HIGH",
+			"integrityImpact": "HIGH",
+			"privilegesRequired": "NONE",
+			"scope": "UNCHANGED",
+			"userInteraction": "REQUIRED",
+			"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
+			"version": "3.0"
+		}
+	},
+	"problemtype": {
+		"problemtype_data": [
+			{
+				"description": [
+					{
+						"lang": "eng",
+						"value": "The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute."
+					}
+				]
+			}
+		]
+	},
+	"references": {
+		"reference_data": [
+			{
+				"name": "http://www.tibco.com/services/support/advisories",
+				"refsource": "CONFIRM",
+				"url": "http://www.tibco.com/services/support/advisories"
+			}
+		]
+	},
+	"solution": [
+		{
+			"lang": "eng",
+			"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Silver Fabric versions 6.0.0 and below update to version 6.0.1 or higher"
+		}
+	],
+	"source": {
+		"discovery": "USER"
+	}
+}