Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for TIBCO Silver Fabric by TIBCO Software Inc.

    CVE-2019-17339 (GCVE-0-2019-17339)

    Vulnerability from nvd – Published: 2020-08-11 19:30 – Updated: 2024-09-17 00:45
    VLAI
    Title
    TIBCO Silver Fabric XSS vulerability
    Summary
    The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below.
    CWE
    • The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TIBCO Software Inc. TIBCO Silver Fabric Affected: unspecified , ≤ 6.0.0 (custom)
    Create a notification for this product.
    Date Public
    2020-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:40:14.516Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO Silver Fabric",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The VirtualRouter component of TIBCO Software Inc.\u0027s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.\u0027s TIBCO Silver Fabric: versions 6.0.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-11T19:30:14.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/services/support/advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Silver Fabric versions 6.0.0 and below update to version 6.0.1 or higher"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "TIBCO Silver Fabric XSS vulerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2020-08-11T17:00:00Z",
              "ID": "CVE-2019-17339",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO Silver Fabric XSS vulerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO Silver Fabric",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "6.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The VirtualRouter component of TIBCO Software Inc.\u0027s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.\u0027s TIBCO Silver Fabric: versions 6.0.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/services/support/advisories"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Silver Fabric versions 6.0.0 and below update to version 6.0.1 or higher"
              }
            ],
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2019-17339",
        "datePublished": "2020-08-11T19:30:14.315Z",
        "dateReserved": "2019-10-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:45:44.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-17339 (GCVE-0-2019-17339)

    Vulnerability from cvelistv5 – Published: 2020-08-11 19:30 – Updated: 2024-09-17 00:45
    VLAI
    Title
    TIBCO Silver Fabric XSS vulerability
    Summary
    The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below.
    CWE
    • The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TIBCO Software Inc. TIBCO Silver Fabric Affected: unspecified , ≤ 6.0.0 (custom)
    Create a notification for this product.
    Date Public
    2020-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:40:14.516Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO Silver Fabric",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The VirtualRouter component of TIBCO Software Inc.\u0027s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.\u0027s TIBCO Silver Fabric: versions 6.0.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-11T19:30:14.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/services/support/advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Silver Fabric versions 6.0.0 and below update to version 6.0.1 or higher"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "TIBCO Silver Fabric XSS vulerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2020-08-11T17:00:00Z",
              "ID": "CVE-2019-17339",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO Silver Fabric XSS vulerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO Silver Fabric",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "6.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The VirtualRouter component of TIBCO Software Inc.\u0027s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.\u0027s TIBCO Silver Fabric: versions 6.0.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/services/support/advisories"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Silver Fabric versions 6.0.0 and below update to version 6.0.1 or higher"
              }
            ],
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2019-17339",
        "datePublished": "2020-08-11T19:30:14.315Z",
        "dateReserved": "2019-10-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:45:44.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }