Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for auditsafe by tibco

    CVE-2022-22770 (GCVE-0-2022-22770)

    Vulnerability from nvd – Published: 2022-02-15 18:00 – Updated: 2024-09-16 22:36
    VLAI
    Title
    TIBCO AuditSafe API Authentication vulnerability
    Summary
    The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and below.
    CWE
    • In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the API methods of the affected system.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TIBCO Software Inc. TIBCO AuditSafe Affected: unspecified , ≤ 1.1.0 (custom)
    Create a notification for this product.
    Date Public
    2022-02-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.164Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO AuditSafe",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO AuditSafe: versions 1.1.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the API methods of the affected system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-15T18:07:41.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/services/support/advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO AuditSafe versions 1.1.0 and below update to version 1.1.1 or later"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "TIBCO AuditSafe API Authentication vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2022-02-15T17:00:00Z",
              "ID": "CVE-2022-22770",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO AuditSafe API Authentication vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO AuditSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO AuditSafe: versions 1.1.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the API methods of the affected system."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/services/support/advisories"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO AuditSafe versions 1.1.0 and below update to version 1.1.1 or later"
              }
            ],
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2022-22770",
        "datePublished": "2022-02-15T18:00:11.463Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:36:51.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22770 (GCVE-0-2022-22770)

    Vulnerability from cvelistv5 – Published: 2022-02-15 18:00 – Updated: 2024-09-16 22:36
    VLAI
    Title
    TIBCO AuditSafe API Authentication vulnerability
    Summary
    The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and below.
    CWE
    • In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the API methods of the affected system.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TIBCO Software Inc. TIBCO AuditSafe Affected: unspecified , ≤ 1.1.0 (custom)
    Create a notification for this product.
    Date Public
    2022-02-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.164Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO AuditSafe",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO AuditSafe: versions 1.1.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the API methods of the affected system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-15T18:07:41.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/services/support/advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO AuditSafe versions 1.1.0 and below update to version 1.1.1 or later"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "TIBCO AuditSafe API Authentication vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2022-02-15T17:00:00Z",
              "ID": "CVE-2022-22770",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO AuditSafe API Authentication vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO AuditSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO AuditSafe: versions 1.1.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the API methods of the affected system."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/services/support/advisories"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO AuditSafe versions 1.1.0 and below update to version 1.1.1 or later"
              }
            ],
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2022-22770",
        "datePublished": "2022-02-15T18:00:11.463Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:36:51.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }