Search
Find a vulnerability
Search criteria
4 vulnerabilities found for silver_fabric by tibco
CVE-2019-17339 (GCVE-0-2019-17339)
Vulnerability from nvd – Published: 2020-08-11 19:30 – Updated: 2024-09-17 00:45
VLAI
EPSS
VEX
Title
TIBCO Silver Fabric XSS vulerability
Summary
The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below.
Severity
6.8 (Medium)
CWE
- The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Silver Fabric |
Affected:
unspecified , ≤ 6.0.0
(custom)
|
Date Public
2020-08-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:14.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The VirtualRouter component of TIBCO Software Inc.\u0027s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.\u0027s TIBCO Silver Fabric: versions 6.0.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T19:30:14.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Silver Fabric versions 6.0.0 and below update to version 6.0.1 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO Silver Fabric XSS vulerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2020-08-11T17:00:00Z",
"ID": "CVE-2019-17339",
"STATE": "PUBLIC",
"TITLE": "TIBCO Silver Fabric XSS vulerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.0.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VirtualRouter component of TIBCO Software Inc.\u0027s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.\u0027s TIBCO Silver Fabric: versions 6.0.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Silver Fabric versions 6.0.0 and below update to version 6.0.1 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-17339",
"datePublished": "2020-08-11T19:30:14.315Z",
"dateReserved": "2019-10-07T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:45:44.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12409 (GCVE-0-2018-12409)
Vulnerability from nvd – Published: 2019-02-13 19:00 – Updated: 2024-08-05 08:38
VLAI
EPSS
VEX
Summary
The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/107024 | vdb-entryx_refsource_BID |
| http://www.tibco.com/services/support/advisories | x_refsource_MISC |
| https://www.tibco.com/support/advisories/2019/02/… | x_refsource_CONFIRM |
Date Public
2019-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107024",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107024"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/02/tibco-security-advisory-february-13-2019-tibco-silver-fabric"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SOAP Admin API component of TIBCO Software Inc.\u0027s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Silver Fabric: versions up to and including 5.8.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T10:57:01.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"name": "107024",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107024"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2019/02/tibco-security-advisory-february-13-2019-tibco-silver-fabric"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"ID": "CVE-2018-12409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SOAP Admin API component of TIBCO Software Inc.\u0027s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Silver Fabric: versions up to and including 5.8.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107024"
},
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/02/tibco-security-advisory-february-13-2019-tibco-silver-fabric",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/02/tibco-security-advisory-february-13-2019-tibco-silver-fabric"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-12409",
"datePublished": "2019-02-13T19:00:00.000Z",
"dateReserved": "2018-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:38:05.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17339 (GCVE-0-2019-17339)
Vulnerability from cvelistv5 – Published: 2020-08-11 19:30 – Updated: 2024-09-17 00:45
VLAI
EPSS
VEX
Title
TIBCO Silver Fabric XSS vulerability
Summary
The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below.
Severity
6.8 (Medium)
CWE
- The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Silver Fabric |
Affected:
unspecified , ≤ 6.0.0
(custom)
|
Date Public
2020-08-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:14.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The VirtualRouter component of TIBCO Software Inc.\u0027s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.\u0027s TIBCO Silver Fabric: versions 6.0.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T19:30:14.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Silver Fabric versions 6.0.0 and below update to version 6.0.1 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO Silver Fabric XSS vulerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2020-08-11T17:00:00Z",
"ID": "CVE-2019-17339",
"STATE": "PUBLIC",
"TITLE": "TIBCO Silver Fabric XSS vulerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.0.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VirtualRouter component of TIBCO Software Inc.\u0027s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.\u0027s TIBCO Silver Fabric: versions 6.0.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Silver Fabric versions 6.0.0 and below update to version 6.0.1 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-17339",
"datePublished": "2020-08-11T19:30:14.315Z",
"dateReserved": "2019-10-07T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:45:44.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12409 (GCVE-0-2018-12409)
Vulnerability from cvelistv5 – Published: 2019-02-13 19:00 – Updated: 2024-08-05 08:38
VLAI
EPSS
VEX
Summary
The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/107024 | vdb-entryx_refsource_BID |
| http://www.tibco.com/services/support/advisories | x_refsource_MISC |
| https://www.tibco.com/support/advisories/2019/02/… | x_refsource_CONFIRM |
Date Public
2019-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107024",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107024"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/02/tibco-security-advisory-february-13-2019-tibco-silver-fabric"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SOAP Admin API component of TIBCO Software Inc.\u0027s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Silver Fabric: versions up to and including 5.8.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T10:57:01.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"name": "107024",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107024"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2019/02/tibco-security-advisory-february-13-2019-tibco-silver-fabric"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"ID": "CVE-2018-12409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SOAP Admin API component of TIBCO Software Inc.\u0027s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Silver Fabric: versions up to and including 5.8.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107024"
},
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/02/tibco-security-advisory-february-13-2019-tibco-silver-fabric",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/02/tibco-security-advisory-february-13-2019-tibco-silver-fabric"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-12409",
"datePublished": "2019-02-13T19:00:00.000Z",
"dateReserved": "2018-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:38:05.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}