mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 05:28:59 +00:00
195 lines
8.3 KiB
JSON
195 lines
8.3 KiB
JSON
{
|
|
"id": "CVE-2020-9417",
|
|
"sourceIdentifier": "security@tibco.com",
|
|
"published": "2020-10-20T21:15:13.023",
|
|
"lastModified": "2023-11-07T03:26:53.593",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. Affected releases are TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Archive and Retrieval System Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Transaction Insight: versions 5.1.0 and below, version 5.2.0, and TIBCO Foresight Transaction Insight Healthcare Edition: versions 5.1.0 and below, version 5.2.0."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El componente de reporte Transaction Insight de TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight y TIBCO Foresight Transaction Insight Healthcare Edition, de TIBCO Software Inc, contiene una vulnerabilidad que te\u00f3ricamente permite a un atacante autenticado llevar a cabo una inyecci\u00f3n SQL. Las versiones afectadas son TIBCO Foresight Archive and Retrieval System de TIBCO Software Inc.: versiones 5.1.0 y anteriores, versi\u00f3n 5.2.0, TIBCO Foresight Archive and Retrieval System Healthcare Edition: versiones 5.1.0 y anteriores, versi\u00f3n 5.2.0, TIBCO Foresight Operational Monitor : versiones 5.1.0 y anteriores, versi\u00f3n 5.2.0, TIBCO Foresight Operational Monitor Healthcare Edition: versiones 5.1.0 y posteriores, versi\u00f3n 5.2.0, TIBCO Foresight Transaction Insight: versiones 5.1.0 y anteriores, versi\u00f3n 5.2.0, y TIBCO Foresight Transaction Insight Healthcare Edition: versiones 5.1.0 y anteriores, versi\u00f3n 5.2.0"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 8.8,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 5.9
|
|
},
|
|
{
|
|
"source": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "LOW",
|
|
"baseScore": 7.6,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.1,
|
|
"impactScore": 5.5
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 6.5
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-89"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tibco:foresight_archive_and_retrieval_system:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "5.1.0",
|
|
"matchCriteriaId": "24CC381C-70BA-46B0-A8C6-9DD7B0932085"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tibco:foresight_archive_and_retrieval_system:5.2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "12FFB778-2E31-4E75-99B3-AB620193B2A4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tibco:foresight_operational_monitor:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "5.1.0",
|
|
"matchCriteriaId": "0CB54518-7889-447B-B8EC-812FF011C596"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tibco:foresight_operational_monitor:5.2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CE96EB6F-2050-4876-8466-15F0EA0079AA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tibco:foresight_transaction_insight:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "5.1.0",
|
|
"matchCriteriaId": "3F6A4872-40D9-4E99-B6CE-11767905CAC1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tibco:foresight_transaction_insight:5.2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0C48D320-634F-4351-920D-03A94F818685"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tibco:foresight_archive_and_retrieval_system:*:*:*:*:healthcare:*:*:*",
|
|
"versionEndIncluding": "5.1.0",
|
|
"matchCriteriaId": "E0CA39E8-468D-41B5-8DF2-BEEAFECFB064"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tibco:foresight_archive_and_retrieval_system:5.2.0:*:*:*:healthcare:*:*:*",
|
|
"matchCriteriaId": "197E69E9-1896-4B54-A06A-EFDC25E2100D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tibco:foresight_operational_monitor:*:*:*:*:healthcare:*:*:*",
|
|
"versionEndIncluding": "5.1.0",
|
|
"matchCriteriaId": "5B035336-4C16-4992-B141-73FE1E921E62"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tibco:foresight_operational_monitor:5.2.0:*:*:*:healthcare:*:*:*",
|
|
"matchCriteriaId": "8DC4D6EA-D63C-4377-8C90-44B0E1F32B21"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tibco:foresight_transaction_insight:*:*:*:*:healthcare:*:*:*",
|
|
"versionEndIncluding": "5.1.0",
|
|
"matchCriteriaId": "D353B558-A623-45C9-91DC-E899034B0D69"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tibco:foresight_transaction_insight:5.2.0:*:*:*:healthcare:*:*:*",
|
|
"matchCriteriaId": "D339F196-1147-4F16-A137-67C02D910850"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.tibco.com/services/support/advisories",
|
|
"source": "security@tibco.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |