Search
Find a vulnerability
Search criteria
2 vulnerabilities found for TIBCO AuditSafe by TIBCO Software Inc.
CVE-2022-22770 (GCVE-0-2022-22770)
Vulnerability from nvd – Published: 2022-02-15 18:00 – Updated: 2024-09-16 22:36
VLAI
Title
TIBCO AuditSafe API Authentication vulnerability
Summary
The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and below.
Severity
9.8 (Critical)
CWE
- In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the API methods of the affected system.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO AuditSafe |
Affected:
unspecified , ≤ 1.1.0
(custom)
|
Date Public
2022-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO AuditSafe",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO AuditSafe: versions 1.1.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the API methods of the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-15T18:07:41.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO AuditSafe versions 1.1.0 and below update to version 1.1.1 or later"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO AuditSafe API Authentication vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-02-15T17:00:00Z",
"ID": "CVE-2022-22770",
"STATE": "PUBLIC",
"TITLE": "TIBCO AuditSafe API Authentication vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO AuditSafe",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO AuditSafe: versions 1.1.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the API methods of the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO AuditSafe versions 1.1.0 and below update to version 1.1.1 or later"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-22770",
"datePublished": "2022-02-15T18:00:11.463Z",
"dateReserved": "2022-01-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:36:51.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22770 (GCVE-0-2022-22770)
Vulnerability from cvelistv5 – Published: 2022-02-15 18:00 – Updated: 2024-09-16 22:36
VLAI
Title
TIBCO AuditSafe API Authentication vulnerability
Summary
The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and below.
Severity
9.8 (Critical)
CWE
- In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the API methods of the affected system.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO AuditSafe |
Affected:
unspecified , ≤ 1.1.0
(custom)
|
Date Public
2022-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO AuditSafe",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO AuditSafe: versions 1.1.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the API methods of the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-15T18:07:41.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO AuditSafe versions 1.1.0 and below update to version 1.1.1 or later"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO AuditSafe API Authentication vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-02-15T17:00:00Z",
"ID": "CVE-2022-22770",
"STATE": "PUBLIC",
"TITLE": "TIBCO AuditSafe API Authentication vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO AuditSafe",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO AuditSafe: versions 1.1.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the API methods of the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO AuditSafe versions 1.1.0 and below update to version 1.1.1 or later"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-22770",
"datePublished": "2022-02-15T18:00:11.463Z",
"dateReserved": "2022-01-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:36:51.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}