mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
120 lines
5.3 KiB
JSON
120 lines
5.3 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security@tibco.com",
|
|
"DATE_PUBLIC": "2018-11-06T17:00:00Z",
|
|
"UPDATED": "2020-01-28T17:00:00Z",
|
|
"ID": "CVE-2018-12415",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "TIBCO Enterprise Message Service Vulnerable to CSRF Attacks"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "TIBCO Software Inc.",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "TIBCO Enterprise Message Service",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "8.4.0 and previous"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "TIBCO Enterprise Message Service - Community Edition",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "8.4.0 and previous"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "TIBCO Enterprise Message Service - Developer Edition",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "8.4.0 and previous"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below."
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "REQUIRED",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"version": "3.0"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In deployments of TIBCO Enterprise Message Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS."
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "http://www.tibco.com/services/support/advisories",
|
|
"refsource": "MISC",
|
|
"url": "http://www.tibco.com/services/support/advisories"
|
|
},
|
|
{
|
|
"name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
|
|
},
|
|
{
|
|
"name": "105850",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/105850"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.4.0 and below update to version 8.4.1 or higher"
|
|
}
|
|
],
|
|
"source": {
|
|
"discovery": "INTERNAL"
|
|
}
|
|
} |