CVE-2018-12413 (GCVE-0-2018-12413)
Vulnerability from cvelistv5 – Published: 2018-11-07 00:00 – Updated: 2024-09-17 00:11
The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to the configuration of message schemas used with an Apache Kafka deployment. With such access, the attacker could also configure Apache Kafka communications to fail.
| URL | Tags |
|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_MISC |
| http://www.securityfocus.com/bid/105874 | vdb-entry, x_refsource_BID |
| https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition | Affected: 1.0.0 | |
| TIBCO Software Inc. | TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition | Affected: 1.0.0 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:04.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "105874",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105874"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
},
{
"product": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
}
],
"datePublic": "2018-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Schema repository server (tibschemad) component of TIBCO Software Inc.\u0027s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to the configuration of message schemas used with an Apache Kafka deployment. With such access, the attacker could also configure Apache Kafka communications to fail.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-12T10:57:01.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "105874",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105874"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition version 1.0.0 update to version 1.0.1 or higher\nTIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition version 1.0.0 update to version 1.0.1 or higher."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository Vulnerable to CSRF Attacks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-11-06T17:00:00.000Z",
"ID": "CVE-2018-12413",
"STATE": "PUBLIC",
"TITLE": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository Vulnerable to CSRF Attacks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "1.0.0"
}
]
}
},
{
"product_name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "1.0.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Schema repository server (tibschemad) component of TIBCO Software Inc.\u0027s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to the configuration of message schemas used with an Apache Kafka deployment. With such access, the attacker could also configure Apache Kafka communications to fail."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "105874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105874"
},
{
"name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition version 1.0.0 update to version 1.0.1 or higher\nTIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition version 1.0.0 update to version 1.0.1 or higher."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-12413",
"datePublished": "2018-11-07T00:00:00.000Z",
"dateReserved": "2018-06-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:11:42.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-12413",
"date": "2026-07-02",
"epss": "0.00871",
"percentile": "0.54404"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-12413\",\"sourceIdentifier\":\"security@tibco.com\",\"published\":\"2018-11-06T23:29:00.340\",\"lastModified\":\"2024-11-21T03:45:10.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Schema repository server (tibschemad) component of TIBCO Software Inc.\u0027s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0.\"},{\"lang\":\"es\",\"value\":\"El componente del servidor del repositorio Schema (tibrealmserver) de TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition y TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition, de TIBCO Software Inc., contiene una vulnerabilidad que podr\u00eda permitir que un atacante realice ataques de Cross-Site Request Forgery (CSRF). 
Las versiones afectadas son las siguientes: TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0; y TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security@tibco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"o
perator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:messaging_-_apache_kafka_distribution_-_schema_repository:1.0.0:*:*:*:community:*:*:*\",\"matchCriteriaId\":\"482F8597-68CD-43FD-BCBE-C17D55D35D95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:messaging_-_apache_kafka_distribution_-_schema_repository:1.0.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"299983A4-E534-4D6F-8AFB-20F4F15EE245\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105874\",\"source\":\"security@tibco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.tibco.com/services/support/advisories\",\"source\":\"security@tibco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository\",\"source\":\"security@tibco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105874\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.tibco.com/services/support/advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
厂商已发布了漏洞修复程序,请及时关注更新: https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository
| Name | ['TIBCO Enterprise Edition 1.0.0', 'TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-12413"
}
},
"description": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository\u662f\u7f8e\u56fdTIBCO\u8f6f\u4ef6\u516c\u53f8\u7684\u4e00\u5957\u5e94\u7528\u5f00\u53d1\u3001\u90e8\u7f72\u89e3\u51b3\u65b9\u6848\u3002\n\nTIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition\u548cEnterprise Edition1.0.0\u7248\u672c\u4e2d\u7684Schema repository server\u7ec4\u4ef6\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002",
"discovererName": "unknown",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-26103",
"openTime": "2018-12-21",
"patchDescription": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository\u662f\u7f8e\u56fdTIBCO\u8f6f\u4ef6\u516c\u53f8\u7684\u4e00\u5957\u5e94\u7528\u5f00\u53d1\u3001\u90e8\u7f72\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nTIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition\u548cEnterprise Edition1.0.0\u7248\u672c\u4e2d\u7684Schema repository server\u7ec4\u4ef6\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "TIBCO MessagiTIBCO Messaging - Apache Kafka Distribution - Schema Repository\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"TIBCO Enterprise Edition 1.0.0",
"TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition"
]
},
"referenceLink": "http://www.tibco.com/services/support/advisories\r\nhttps://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository",
"serverity": "\u9ad8",
"submitTime": "2018-11-08",
"title": "TIBCO MessagiTIBCO Messaging - Apache Kafka Distribution - Schema Repository\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}
FKIE_CVE-2018-12413
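Vulnerability from fkie_nvd - Published: 2018-11-06 23:29 - Updated: 2026-06-17 01:37
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD primary score; the CNA, TIBCO, rated the same issue 7.5 with AC:H, so the two vectors differ only in attack complexity.)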
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | messaging_-_apache_kafka_distribution_-_schema_repository | 1.0.0 | |
| tibco | messaging_-_apache_kafka_distribution_-_schema_repository | 1.0.0 |
{
"affected": [
{
"affectedData": [
{
"product": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
},
{
"product": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
}
],
"source": "security@tibco.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:messaging_-_apache_kafka_distribution_-_schema_repository:1.0.0:*:*:*:community:*:*:*",
"matchCriteriaId": "482F8597-68CD-43FD-BCBE-C17D55D35D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:messaging_-_apache_kafka_distribution_-_schema_repository:1.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "299983A4-E534-4D6F-8AFB-20F4F15EE245",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Schema repository server (tibschemad) component of TIBCO Software Inc.\u0027s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0."
},
{
"lang": "es",
"value": "El componente del servidor del repositorio Schema (tibrealmserver) de TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition y TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition, de TIBCO Software Inc., contiene una vulnerabilidad que podr\u00eda permitir que un atacante realice ataques de Cross-Site Request Forgery (CSRF). Las versiones afectadas son las siguientes: TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0; y TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0."
}
],
"id": "CVE-2018-12413",
"lastModified": "2026-06-17T01:37:44.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-06T23:29:00.340",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105874"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-357P-WVMP-399F
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0.
{
"affected": [],
"aliases": [
"CVE-2018-12413"
],
"database_specific": {
"cwe_ids": [
"CWE-352"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-06T23:29:00Z",
"severity": "HIGH"
},
"details": "The Schema repository server (tibschemad) component of TIBCO Software Inc.\u0027s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0.",
"id": "GHSA-357p-wvmp-399f",
"modified": "2022-05-13T01:34:48Z",
"published": "2022-05-13T01:34:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12413"
},
{
"type": "WEB",
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105874"
},
{
"type": "WEB",
"url": "http://www.tibco.com/services/support/advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-12413
Vulnerability from gsd - Updated: 2023-12-13 01:22
{
"GSD": {
"alias": "CVE-2018-12413",
"description": "The Schema repository server (tibschemad) component of TIBCO Software Inc.\u0027s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0.",
"id": "GSD-2018-12413"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-12413"
],
"details": "The Schema repository server (tibschemad) component of TIBCO Software Inc.\u0027s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0.",
"id": "GSD-2018-12413",
"modified": "2023-12-13T01:22:30.104818Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-11-06T17:00:00.000Z",
"ID": "CVE-2018-12413",
"STATE": "PUBLIC",
"TITLE": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository Vulnerable to CSRF Attacks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "1.0.0"
}
]
}
},
{
"product_name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "1.0.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Schema repository server (tibschemad) component of TIBCO Software Inc.\u0027s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to the configuration of message schemas used with an Apache Kafka deployment. With such access, the attacker could also configure Apache Kafka communications to fail."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "105874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105874"
},
{
"name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition version 1.0.0 update to version 1.0.1 or higher\nTIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition version 1.0.0 update to version 1.0.1 or higher.\n"
}
],
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tibco:messaging_-_apache_kafka_distribution_-_schema_repository:1.0.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tibco:messaging_-_apache_kafka_distribution_-_schema_repository:1.0.0:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"ID": "CVE-2018-12413"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Schema repository server (tibschemad) component of TIBCO Software Inc.\u0027s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository"
},
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "105874",
"refsource": "BID",
"tags": [
"VDB Entry",
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/105874"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-09T23:33Z",
"publishedDate": "2018-11-06T23:29Z"
}
}
}
TIBCO-2018-023
Vulnerability from csaf_tibco - Published: 2018-11-06 17:00 - Updated: 2020-01-28 17:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TIBCO ActiveSpaces - Community Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Community Edition
|
3.5.1 | ||
|
TIBCO ActiveSpaces - Developer Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Developer Edition
|
3.5.1 | ||
|
TIBCO ActiveSpaces - Enterprise Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition
|
3.5.1 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TIBCO ActiveSpaces - Community Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Community Edition
|
3.3.0 |
Vendor Fix
fix
|
|
|
TIBCO ActiveSpaces - Community Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Community Edition
|
3.4.0 |
Vendor Fix
fix
|
|
|
TIBCO ActiveSpaces - Community Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Community Edition
|
3.5.0 |
Vendor Fix
fix
|
|
|
TIBCO ActiveSpaces - Developer Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Developer Edition
|
3.0.0 |
Vendor Fix
fix
|
|
|
TIBCO ActiveSpaces - Developer Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Developer Edition
|
3.1.0 |
Vendor Fix
fix
|
|
|
TIBCO ActiveSpaces - Developer Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Developer Edition
|
3.3.0 |
Vendor Fix
fix
|
|
|
TIBCO ActiveSpaces - Developer Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Developer Edition
|
3.4.0 |
Vendor Fix
fix
|
|
|
TIBCO ActiveSpaces - Developer Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Developer Edition
|
3.5.0 |
Vendor Fix
fix
|
|
|
TIBCO ActiveSpaces - Enterprise Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition
|
3.0.0 |
Vendor Fix
fix
|
|
|
TIBCO ActiveSpaces - Enterprise Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition
|
3.1.0 |
Vendor Fix
fix
|
|
|
TIBCO ActiveSpaces - Enterprise Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition
|
3.2.0 |
Vendor Fix
fix
|
|
|
TIBCO ActiveSpaces - Enterprise Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition
|
3.3.0 |
Vendor Fix
fix
|
|
|
TIBCO ActiveSpaces - Enterprise Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition
|
3.4.0 |
Vendor Fix
fix
|
|
|
TIBCO ActiveSpaces - Enterprise Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition
|
3.5.0 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TIBCO ActiveSpaces - Community Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Community Edition
|
3.5.1 | ||
|
TIBCO ActiveSpaces - Developer Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Developer Edition
|
3.5.1 | ||
|
TIBCO ActiveSpaces - Enterprise Edition
TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition
|
3.5.1 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TIBCO FTL - Community Edition
TIBCO Software Inc. / TIBCO FTL - Community Edition
|
5.4.1 | ||
|
TIBCO FTL - Developer Edition
TIBCO Software Inc. / TIBCO FTL - Developer Edition
|
5.4.1 | ||
|
TIBCO FTL - Enterprise Edition
TIBCO Software Inc. / TIBCO FTL - Enterprise Edition
|
5.4.1 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TIBCO FTL - Community Edition
TIBCO Software Inc. / TIBCO FTL - Community Edition
|
<=5.4.0 |
Vendor Fix
fix
|
|
|
TIBCO FTL - Developer Edition
TIBCO Software Inc. / TIBCO FTL - Developer Edition
|
<=5.4.0 |
Vendor Fix
fix
|
|
|
TIBCO FTL - Enterprise Edition
TIBCO Software Inc. / TIBCO FTL - Enterprise Edition
|
<=5.4.0 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TIBCO FTL - Community Edition
TIBCO Software Inc. / TIBCO FTL - Community Edition
|
5.4.1 | ||
|
TIBCO FTL - Developer Edition
TIBCO Software Inc. / TIBCO FTL - Developer Edition
|
5.4.1 | ||
|
TIBCO FTL - Enterprise Edition
TIBCO Software Inc. / TIBCO FTL - Enterprise Edition
|
5.4.1 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition
TIBCO Software Inc. / TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition
|
1.0.1 | ||
|
TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition
TIBCO Software Inc. / TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition
|
1.0.1 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition
TIBCO Software Inc. / TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition
|
1.0.0 |
Vendor Fix
fix
|
|
|
TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition
TIBCO Software Inc. / TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition
|
1.0.0 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition
TIBCO Software Inc. / TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition
|
1.0.1 | ||
|
TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition
TIBCO Software Inc. / TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition
|
1.0.1 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TIBCO Rendezvous
TIBCO Software Inc. / TIBCO Rendezvous
|
8.4.6 | ||
|
TIBCO Rendezvous Developer Edition
TIBCO Software Inc. / TIBCO Rendezvous Developer Edition
|
8.4.6 | ||
|
TIBCO Rendezvous for z/Linux
TIBCO Software Inc. / TIBCO Rendezvous for z/Linux
|
8.4.6 | ||
|
TIBCO Rendezvous for z/OS
TIBCO Software Inc. / TIBCO Rendezvous for z/OS
|
8.4.6 | ||
|
TIBCO Rendezvous Network Server
TIBCO Software Inc. / TIBCO Rendezvous Network Server
|
1.1.3 | ||
|
TIBCO Substation ES
TIBCO Software Inc. / TIBCO Substation ES
|
2.12.1 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TIBCO Rendezvous
TIBCO Software Inc. / TIBCO Rendezvous
|
<=8.4.5 |
Vendor Fix
fix
|
|
|
TIBCO Rendezvous Developer Edition
TIBCO Software Inc. / TIBCO Rendezvous Developer Edition
|
<=8.4.5 |
Vendor Fix
fix
|
|
|
TIBCO Rendezvous for z/Linux
TIBCO Software Inc. / TIBCO Rendezvous for z/Linux
|
<=8.4.5 |
Vendor Fix
fix
|
|
|
TIBCO Rendezvous for z/OS
TIBCO Software Inc. / TIBCO Rendezvous for z/OS
|
<=8.4.5 |
Vendor Fix
fix
|
|
|
TIBCO Rendezvous Network Server
TIBCO Software Inc. / TIBCO Rendezvous Network Server
|
<=1.1.2 |
Vendor Fix
fix
|
|
|
TIBCO Substation ES
TIBCO Software Inc. / TIBCO Substation ES
|
<=2.12.0 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TIBCO Rendezvous
TIBCO Software Inc. / TIBCO Rendezvous
|
8.4.6 | ||
|
TIBCO Rendezvous Developer Edition
TIBCO Software Inc. / TIBCO Rendezvous Developer Edition
|
8.4.6 | ||
|
TIBCO Rendezvous for z/Linux
TIBCO Software Inc. / TIBCO Rendezvous for z/Linux
|
8.4.6 | ||
|
TIBCO Rendezvous for z/OS
TIBCO Software Inc. / TIBCO Rendezvous for z/OS
|
8.4.6 | ||
|
TIBCO Rendezvous Network Server
TIBCO Software Inc. / TIBCO Rendezvous Network Server
|
1.1.3 | ||
|
TIBCO Substation ES
TIBCO Software Inc. / TIBCO Substation ES
|
2.12.1 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TIBCO Enterprise Message Service
TIBCO Software Inc. / TIBCO Enterprise Message Service
|
8.4.1 | ||
|
TIBCO Enterprise Message Service - Community Edition
TIBCO Software Inc. / TIBCO Enterprise Message Service - Community Edition
|
8.4.1 | ||
|
TIBCO Enterprise Message Service - Developer Edition
TIBCO Software Inc. / TIBCO Enterprise Message Service - Developer Edition
|
8.4.1 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TIBCO Enterprise Message Service
TIBCO Software Inc. / TIBCO Enterprise Message Service
|
<=8.4.0 |
Vendor Fix
fix
|
|
|
TIBCO Enterprise Message Service - Community Edition
TIBCO Software Inc. / TIBCO Enterprise Message Service - Community Edition
|
<=8.4.0 |
Vendor Fix
fix
|
|
|
TIBCO Enterprise Message Service - Developer Edition
TIBCO Software Inc. / TIBCO Enterprise Message Service - Developer Edition
|
<=8.4.0 |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TIBCO Enterprise Message Service
TIBCO Software Inc. / TIBCO Enterprise Message Service
|
8.4.1 | ||
|
TIBCO Enterprise Message Service - Community Edition
TIBCO Software Inc. / TIBCO Enterprise Message Service - Community Edition
|
8.4.1 | ||
|
TIBCO Enterprise Message Service - Developer Edition
TIBCO Software Inc. / TIBCO Enterprise Message Service - Developer Edition
|
8.4.1 |
| URL | Category |
|---|---|
| https://www.tibco.com/services/support/advisories | external |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited.",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"audience": "all",
"category": "faq",
"text": "# FREQUENTLY ASKED QUESTIONS\n\n## Why is this advisory being issued?\n\nSecurity vulnerabilities have been discovered in:\n\n* TIBCO ActiveSpaces\u00ae - Community Edition versions 3.3.0, 3.4.0, and 3.5.0\n* TIBCO ActiveSpaces\u00ae - Developer Edition versions 3.0.0, 3.1.0, 3.3.0, 3.4.0, and 3.5.0\n* TIBCO ActiveSpaces\u00ae - Enterprise Edition versions 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, and 3.5.0\n* TIBCO Enterprise Message Service\u2122 versions 8.4.0 and below\n* TIBCO Enterprise Message Service\u2122 - Community Edition versions 8.4.0 and below\n* TIBCO Enterprise Message Service\u2122 Developer Edition versions 8.4.0 and below\n* TIBCO FTL\u00ae - Community Edition versions 5.4.0 and below\n* TIBCO FTL\u00ae - Developer Edition versions 5.4.0 and below\n* TIBCO FTL\u00ae - Enterprise Edition versions 5.4.0 and below\n* TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition version 1.0.0\n* TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition version 1.0.0\n* TIBCO Rendezvous\u00ae versions 8.4.5 and below\n* TIBCO Rendezvous\u00ae Developer Edition versions 8.4.5 and below\n* TIBCO Rendezvous\u00ae Network Server versions 1.1.2 and below\n* TIBCO Rendezvous\u00ae for z/Linux versions 8.4.5 and below\n* TIBCO Rendezvous\u00ae for z/OS versions 8.4.5 and below\n* TIBCO Substation ES\u2122 versions 2.12.0 and below\n\n## What is the impact of these vulnerabilities?\n\nFor detailed information on the vulnerability, please see the\n[security advisory](https://www.tibco.com/services/support/advisories).\n\n## Which customers are affected?\n\nThese issues affect all customers using the above product versions.\n\n## Where can I get software updates?\n\nCustomers with current maintenance for the affected products can obtain product updates\nthrough their standard TIBCO fulfillment channel, via the Community site, the AWS Marketplace or\nthe Azure Marketplace as appropriate.\n\n## How will customers who receive TIBCO software via OEM partners be affected?\n\nCustomers of OEM partners can receive new versions and hot fixes from their OEM partners.\nPlease contact your OEM partner for updates.\n\n## Can I get the software update if I am not current on maintenance, if I do not have access to the download site or access to TIBCO support?\n\nPlease contact us through [this online form](https://www.tibco.com/contact-us),\nand we will get in touch with you. Please reference CASE ID: 01647666 in your\ncommunication to indicate the context of your request.\n\n## What is TIBCO doing to prevent future security issues?\n\nTIBCO takes security very seriously. We perform rigorous testing for every product release,\nas well as code audits, structured walkthroughs and peer reviews. TIBCO has identified\nsecurity vulnerabilities in products during internal testing and reviews and corrected them\nprior to release. TIBCO constantly evaluates and augments its security measures and will\ncontinue to do so.\n\n## Where can I get more information?\n\nProduct advisories can be accessed from the\n[Security Advisories for TIBCO Products](https://www.tibco.com/services/support/advisories) web page.\n\nCustomers with a current maintenance contract with TIBCO can log a case with TIBCO Global Support\n(please refer to the service request identifier listed above) and then call your support telephone number.\nMaintenance customers can also view product-specific Late Breaking News through the TIBCO Support Web.\n\n",
"title": "Frequently Asked Questions"
}
],
"publisher": {
"category": "vendor",
"contact_details": "TIBCO Software Inc. can be reached at mailto:security@tibco.com, or via our website at https://www.tibco.com/security",
"name": "TIBCO PSIRT",
"namespace": "https://tibco.com"
},
"title": "TIBCO Security Advisory TIBCO-2018-023",
"tracking": {
"current_release_date": "2020-01-28T17:00:00Z",
"generator": {
"date": "2022-07-14T21:43:08Z",
"engine": {
"name": "retro-csaf",
"version": "v3.2.5-0-g741be4e"
}
},
"id": "TIBCO-2018-023",
"initial_release_date": "2018-11-06T17:00:00Z",
"revision_history": [
{
"date": "2018-11-06T17:00:00Z",
"number": "1.0.0",
"summary": "Initial release."
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.5.1",
"product": {
"name": "TIBCO ActiveSpaces - Community Edition",
"product_id": "tib-12de72030884a5a7"
}
},
{
"category": "product_version",
"name": "3.3.0",
"product": {
"name": "TIBCO ActiveSpaces - Community Edition",
"product_id": "tib-dadee8bb3b660920"
}
},
{
"category": "product_version",
"name": "3.4.0",
"product": {
"name": "TIBCO ActiveSpaces - Community Edition",
"product_id": "tib-ae689fb7c3a31636"
}
},
{
"category": "product_version",
"name": "3.5.0",
"product": {
"name": "TIBCO ActiveSpaces - Community Edition",
"product_id": "tib-41357f13efa0471d"
}
}
],
"category": "product_name",
"name": "TIBCO ActiveSpaces - Community Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "3.5.1",
"product": {
"name": "TIBCO ActiveSpaces - Developer Edition",
"product_id": "tib-6c919c012fa0cad2"
}
},
{
"category": "product_version",
"name": "3.0.0",
"product": {
"name": "TIBCO ActiveSpaces - Developer Edition",
"product_id": "tib-c3de272f8f87dbde"
}
},
{
"category": "product_version",
"name": "3.1.0",
"product": {
"name": "TIBCO ActiveSpaces - Developer Edition",
"product_id": "tib-219649cefc7139fe"
}
},
{
"category": "product_version",
"name": "3.3.0",
"product": {
"name": "TIBCO ActiveSpaces - Developer Edition",
"product_id": "tib-6ba4ba40207a02df"
}
},
{
"category": "product_version",
"name": "3.4.0",
"product": {
"name": "TIBCO ActiveSpaces - Developer Edition",
"product_id": "tib-f1dd8ef7fb50b258"
}
},
{
"category": "product_version",
"name": "3.5.0",
"product": {
"name": "TIBCO ActiveSpaces - Developer Edition",
"product_id": "tib-9d46455dbc3938b2"
}
}
],
"category": "product_name",
"name": "TIBCO ActiveSpaces - Developer Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "3.5.1",
"product": {
"name": "TIBCO ActiveSpaces - Enterprise Edition",
"product_id": "tib-fe3fe3a9d73f691b"
}
},
{
"category": "product_version",
"name": "3.0.0",
"product": {
"name": "TIBCO ActiveSpaces - Enterprise Edition",
"product_id": "tib-eb837b1f113446a8"
}
},
{
"category": "product_version",
"name": "3.1.0",
"product": {
"name": "TIBCO ActiveSpaces - Enterprise Edition",
"product_id": "tib-ff7a3afe1dea2b27"
}
},
{
"category": "product_version",
"name": "3.2.0",
"product": {
"name": "TIBCO ActiveSpaces - Enterprise Edition",
"product_id": "tib-7acacad7cb0410f4"
}
},
{
"category": "product_version",
"name": "3.3.0",
"product": {
"name": "TIBCO ActiveSpaces - Enterprise Edition",
"product_id": "tib-61f815f90c5612af"
}
},
{
"category": "product_version",
"name": "3.4.0",
"product": {
"name": "TIBCO ActiveSpaces - Enterprise Edition",
"product_id": "tib-2f5c7594aa7def4c"
}
},
{
"category": "product_version",
"name": "3.5.0",
"product": {
"name": "TIBCO ActiveSpaces - Enterprise Edition",
"product_id": "tib-a0b77e96104de7f4"
}
}
],
"category": "product_name",
"name": "TIBCO ActiveSpaces - Enterprise Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "5.4.1",
"product": {
"name": "TIBCO FTL - Community Edition",
"product_id": "tib-5b3965d416c9f0ea"
}
},
{
"category": "product_version_range",
"name": "\u003c=5.4.0",
"product": {
"name": "TIBCO FTL - Community Edition",
"product_id": "tib-d738c5bcae453edc"
}
}
],
"category": "product_name",
"name": "TIBCO FTL - Community Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "5.4.1",
"product": {
"name": "TIBCO FTL - Developer Edition",
"product_id": "tib-99a7e520219eaa79"
}
},
{
"category": "product_version_range",
"name": "\u003c=5.4.0",
"product": {
"name": "TIBCO FTL - Developer Edition",
"product_id": "tib-d9b1c93df48a8512"
}
}
],
"category": "product_name",
"name": "TIBCO FTL - Developer Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "5.4.1",
"product": {
"name": "TIBCO FTL - Enterprise Edition",
"product_id": "tib-d726061fa42acb6f"
}
},
{
"category": "product_version_range",
"name": "\u003c=5.4.0",
"product": {
"name": "TIBCO FTL - Enterprise Edition",
"product_id": "tib-69a24450d98e9143"
}
}
],
"category": "product_name",
"name": "TIBCO FTL - Enterprise Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "1.0.1",
"product": {
"name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition",
"product_id": "tib-ec02e1bc3455437d"
}
},
{
"category": "product_version",
"name": "1.0.0",
"product": {
"name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition",
"product_id": "tib-85b7bf23257b7b79"
}
}
],
"category": "product_name",
"name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "1.0.1",
"product": {
"name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition",
"product_id": "tib-efef9535f83df707"
}
},
{
"category": "product_version",
"name": "1.0.0",
"product": {
"name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition",
"product_id": "tib-00ef0d8cbb2743f0"
}
}
],
"category": "product_name",
"name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "8.4.6",
"product": {
"name": "TIBCO Rendezvous",
"product_id": "tib-4e225d426f9bdb35"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.5",
"product": {
"name": "TIBCO Rendezvous",
"product_id": "tib-d12a26fc775222f3"
}
}
],
"category": "product_name",
"name": "TIBCO Rendezvous"
},
{
"branches": [
{
"category": "product_version",
"name": "8.4.6",
"product": {
"name": "TIBCO Rendezvous Developer Edition",
"product_id": "tib-1c0aabd8c36f9c89"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.5",
"product": {
"name": "TIBCO Rendezvous Developer Edition",
"product_id": "tib-7c4d1e47368d2534"
}
}
],
"category": "product_name",
"name": "TIBCO Rendezvous Developer Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "8.4.6",
"product": {
"name": "TIBCO Rendezvous for z/Linux",
"product_id": "tib-6e5df384a723fe5a"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.5",
"product": {
"name": "TIBCO Rendezvous for z/Linux",
"product_id": "tib-6e5885be37cdfef0"
}
}
],
"category": "product_name",
"name": "TIBCO Rendezvous for z/Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "8.4.6",
"product": {
"name": "TIBCO Rendezvous for z/OS",
"product_id": "tib-4d72e2023125ef14"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.5",
"product": {
"name": "TIBCO Rendezvous for z/OS",
"product_id": "tib-e9d6838f6a0306c9"
}
}
],
"category": "product_name",
"name": "TIBCO Rendezvous for z/OS"
},
{
"branches": [
{
"category": "product_version",
"name": "1.1.3",
"product": {
"name": "TIBCO Rendezvous Network Server",
"product_id": "tib-01127c04dd48e15c"
}
},
{
"category": "product_version_range",
"name": "\u003c=1.1.2",
"product": {
"name": "TIBCO Rendezvous Network Server",
"product_id": "tib-85d500f50543688b"
}
}
],
"category": "product_name",
"name": "TIBCO Rendezvous Network Server"
},
{
"branches": [
{
"category": "product_version",
"name": "2.12.1",
"product": {
"name": "TIBCO Substation ES",
"product_id": "tib-8ff34b2db891a874"
}
},
{
"category": "product_version_range",
"name": "\u003c=2.12.0",
"product": {
"name": "TIBCO Substation ES",
"product_id": "tib-ceef18d2cc5338a6"
}
}
],
"category": "product_name",
"name": "TIBCO Substation ES"
},
{
"branches": [
{
"category": "product_version",
"name": "8.4.1",
"product": {
"name": "TIBCO Enterprise Message Service",
"product_id": "tib-3d7a1a1f2d3c6928"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.0",
"product": {
"name": "TIBCO Enterprise Message Service",
"product_id": "tib-5b2ca2b19631ae5f"
}
}
],
"category": "product_name",
"name": "TIBCO Enterprise Message Service"
},
{
"branches": [
{
"category": "product_version",
"name": "8.4.1",
"product": {
"name": "TIBCO Enterprise Message Service - Community Edition",
"product_id": "tib-bd592220f6045dfc"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.0",
"product": {
"name": "TIBCO Enterprise Message Service - Community Edition",
"product_id": "tib-c86b0ae1af62667b"
}
}
],
"category": "product_name",
"name": "TIBCO Enterprise Message Service - Community Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "8.4.1",
"product": {
"name": "TIBCO Enterprise Message Service - Developer Edition",
"product_id": "tib-ae8f03502e6d26a4"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.0",
"product": {
"name": "TIBCO Enterprise Message Service - Developer Edition",
"product_id": "tib-8a8a566b9c5bd6db"
}
}
],
"category": "product_name",
"name": "TIBCO Enterprise Message Service - Developer Edition"
}
],
"category": "vendor",
"name": "TIBCO Software Inc."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12411",
"involvements": [
{
"date": "2018-11-06T17:00:00Z",
"party": "vendor",
"status": "completed"
}
],
"notes": [
{
"audience": "all",
"category": "faq",
"text": "## TIBCO ActiveSpaces\u00ae - Community Edition\n\n### Which product versions are affected?\n\n* TIBCO ActiveSpaces\u00ae - Community Edition versions 3.3.0, 3.4.0, and 3.5.0\n\n### Which component is affected?\n\n* administrative daemon (tibdgadmind)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO ActiveSpaces\u00ae - Community Edition version 3.5.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO ActiveSpaces\u00ae - Developer Edition\n\n### Which product versions are affected?\n\n* TIBCO ActiveSpaces\u00ae - Developer Edition versions 3.0.0, 3.1.0, 3.3.0, 3.4.0, and 3.5.0\n\n### Which component is affected?\n\n* administrative daemon (tibdgadmind)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO ActiveSpaces\u00ae - Developer Edition version 3.5.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO ActiveSpaces\u00ae - Enterprise Edition\n\n### Which product versions are affected?\n\n* TIBCO ActiveSpaces\u00ae - Enterprise Edition versions 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, and 3.5.0\n\n### Which component is affected?\n\n* administrative daemon (tibdgadmind)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO ActiveSpaces\u00ae - Enterprise Edition version 3.5.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n",
"title": "Frequently Asked Questions"
},
{
"audience": "all",
"category": "summary",
"text": "The component listed above contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"fixed": [
"tib-12de72030884a5a7",
"tib-6c919c012fa0cad2",
"tib-fe3fe3a9d73f691b"
],
"known_affected": [
"tib-dadee8bb3b660920",
"tib-ae689fb7c3a31636",
"tib-41357f13efa0471d",
"tib-c3de272f8f87dbde",
"tib-219649cefc7139fe",
"tib-6ba4ba40207a02df",
"tib-f1dd8ef7fb50b258",
"tib-9d46455dbc3938b2",
"tib-eb837b1f113446a8",
"tib-ff7a3afe1dea2b27",
"tib-7acacad7cb0410f4",
"tib-61f815f90c5612af",
"tib-2f5c7594aa7def4c",
"tib-a0b77e96104de7f4"
],
"recommended": [
"tib-12de72030884a5a7",
"tib-6c919c012fa0cad2",
"tib-fe3fe3a9d73f691b"
]
},
"references": [
{
"category": "external",
"summary": "Additional Information",
"url": "https://www.tibco.com/services/support/advisories"
}
],
"release_date": "2018-11-06T17:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-dadee8bb3b660920",
"tib-ae689fb7c3a31636",
"tib-41357f13efa0471d"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-c3de272f8f87dbde",
"tib-219649cefc7139fe",
"tib-6ba4ba40207a02df",
"tib-f1dd8ef7fb50b258",
"tib-9d46455dbc3938b2"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-eb837b1f113446a8",
"tib-ff7a3afe1dea2b27",
"tib-7acacad7cb0410f4",
"tib-61f815f90c5612af",
"tib-2f5c7594aa7def4c",
"tib-a0b77e96104de7f4"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"tib-dadee8bb3b660920",
"tib-ae689fb7c3a31636",
"tib-41357f13efa0471d",
"tib-c3de272f8f87dbde",
"tib-219649cefc7139fe",
"tib-6ba4ba40207a02df",
"tib-f1dd8ef7fb50b258",
"tib-9d46455dbc3938b2",
"tib-eb837b1f113446a8",
"tib-ff7a3afe1dea2b27",
"tib-7acacad7cb0410f4",
"tib-61f815f90c5612af",
"tib-2f5c7594aa7def4c",
"tib-a0b77e96104de7f4"
]
}
],
"title": "TIBCO ActiveSpaces Administrative Daemon Vulnerable to CSRF Attacks"
},
{
"cve": "CVE-2018-12412",
"involvements": [
{
"date": "2018-11-06T17:00:00Z",
"party": "vendor",
"status": "completed"
}
],
"notes": [
{
"audience": "all",
"category": "faq",
"text": "## TIBCO FTL\u00ae - Community Edition\n\n### Which product versions are affected?\n\n* TIBCO FTL\u00ae - Community Edition versions 5.4.0 and below\n\n### Which component is affected?\n\n* realm server (tibrealmserver)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO FTL\u00ae - Community Edition version 5.4.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO FTL\u00ae - Developer Edition\n\n### Which product versions are affected?\n\n* TIBCO FTL\u00ae - Developer Edition versions 5.4.0 and below\n\n### Which component is affected?\n\n* realm server (tibrealmserver)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO FTL\u00ae - Developer Edition version 5.4.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO FTL\u00ae - Enterprise Edition\n\n### Which product versions are affected?\n\n* TIBCO FTL\u00ae - Enterprise Edition versions 5.4.0 and below\n\n### Which component is affected?\n\n* realm server (tibrealmserver)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO FTL\u00ae - Enterprise Edition version 5.4.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n",
"title": "Frequently Asked Questions"
},
{
"audience": "all",
"category": "summary",
"text": "The component listed above contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"fixed": [
"tib-5b3965d416c9f0ea",
"tib-99a7e520219eaa79",
"tib-d726061fa42acb6f"
],
"known_affected": [
"tib-d738c5bcae453edc",
"tib-d9b1c93df48a8512",
"tib-69a24450d98e9143"
],
"recommended": [
"tib-5b3965d416c9f0ea",
"tib-99a7e520219eaa79",
"tib-d726061fa42acb6f"
]
},
"references": [
{
"category": "external",
"summary": "Additional Information",
"url": "https://www.tibco.com/services/support/advisories"
}
],
"release_date": "2018-11-06T17:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-d738c5bcae453edc"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-d9b1c93df48a8512"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-69a24450d98e9143"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"tib-d738c5bcae453edc",
"tib-d9b1c93df48a8512",
"tib-69a24450d98e9143"
]
}
],
"title": "TIBCO FTL Realm Server Vulnerable to CSRF Attacks"
},
{
"cve": "CVE-2018-12413",
"involvements": [
{
"date": "2018-11-06T17:00:00Z",
"party": "vendor",
"status": "completed"
}
],
"notes": [
{
"audience": "all",
"category": "faq",
"text": "## TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition\n\n### Which product versions are affected?\n\n* TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition version 1.0.0\n\n### Which component is affected?\n\n* Schema repository server (tibschemad)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition version 1.0.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition\n\n### Which product versions are affected?\n\n* TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition version 1.0.0\n\n### Which component is affected?\n\n* Schema repository server (tibschemad)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition version 1.0.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n",
"title": "Frequently Asked Questions"
},
{
"audience": "all",
"category": "summary",
"text": "The component listed above contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"fixed": [
"tib-ec02e1bc3455437d",
"tib-efef9535f83df707"
],
"known_affected": [
"tib-85b7bf23257b7b79",
"tib-00ef0d8cbb2743f0"
],
"recommended": [
"tib-ec02e1bc3455437d",
"tib-efef9535f83df707"
]
},
"references": [
{
"category": "external",
"summary": "Additional Information",
"url": "https://www.tibco.com/services/support/advisories"
}
],
"release_date": "2018-11-06T17:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-85b7bf23257b7b79"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-00ef0d8cbb2743f0"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"tib-85b7bf23257b7b79",
"tib-00ef0d8cbb2743f0"
]
}
],
"title": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository Vulnerable to CSRF Attacks"
},
{
"cve": "CVE-2018-12414",
"involvements": [
{
"date": "2018-11-06T17:00:00Z",
"party": "vendor",
"status": "completed"
}
],
"notes": [
{
"audience": "all",
"category": "faq",
"text": "## TIBCO Rendezvous\u00ae\n\n### Which product versions are affected?\n\n* TIBCO Rendezvous\u00ae versions 8.4.5 and below\n\n### Which component is affected?\n\n* Rendezvous Routing Daemon (rvrd)\n* Rendezvous Secure Routing Daemon (rvrsd)\n* Rendezvous Secure Daemon (rvsd)\n* Rendezvous Cache (rvcache)\n* Rendezvous Daemon Manager (rvdm)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Rendezvous\u00ae version 8.4.6 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO Rendezvous\u00ae Developer Edition\n\n### Which product versions are affected?\n\n* TIBCO Rendezvous\u00ae Developer Edition versions 8.4.5 and below\n\n### Which component is affected?\n\n* Rendezvous Routing Daemon (rvrd)\n* Rendezvous Secure Routing Daemon (rvrsd)\n* Rendezvous Secure Daemon (rvsd)\n* Rendezvous Cache (rvcache)\n* Rendezvous Daemon Manager (rvdm)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Rendezvous\u00ae Developer Edition version 8.4.6 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO Rendezvous\u00ae Network Server\n\n### Which product versions are affected?\n\n* TIBCO Rendezvous\u00ae Network Server versions 1.1.2 and below\n\n### Which component is affected?\n\n* Rendezvous Routing Daemon (rvrd)\n* Rendezvous Secure Routing Daemon (rvrsd)\n* Rendezvous Secure Daemon (rvsd)\n* Rendezvous Cache (rvcache)\n* Rendezvous Daemon Manager (rvdm)\n\n### How should customers handle these issues?\n\nFor 
each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Rendezvous\u00ae Network Server version 1.1.3 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO Rendezvous\u00ae for z/Linux\n\n### Which product versions are affected?\n\n* TIBCO Rendezvous\u00ae for z/Linux versions 8.4.5 and below\n\n### Which component is affected?\n\n* Rendezvous Routing Daemon (rvrd)\n* Rendezvous Secure Routing Daemon (rvrsd)\n* Rendezvous Secure Daemon (rvsd)\n* Rendezvous Cache (rvcache)\n* Rendezvous Daemon Manager (rvdm)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Rendezvous\u00ae for z/Linux version 8.4.6 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO Rendezvous\u00ae for z/OS\n\n### Which product versions are affected?\n\n* TIBCO Rendezvous\u00ae for z/OS versions 8.4.5 and below\n\n### Which component is affected?\n\n* Rendezvous Routing Daemon (rvrd)\n* Rendezvous Secure Routing Daemon (rvrsd)\n* Rendezvous Secure Daemon (rvsd)\n* Rendezvous Cache (rvcache)\n* Rendezvous Daemon Manager (rvdm)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Rendezvous\u00ae for z/OS version 8.4.6 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO Substation ES\u2122\n\n### Which product versions 
are affected?\n\n* TIBCO Substation ES\u2122 versions 2.12.0 and below\n\n### Which component is affected?\n\n* Rendezvous Routing Daemon (rvrd)\n* Rendezvous Secure Routing Daemon (rvrsd)\n* Rendezvous Secure Daemon (rvsd)\n* Rendezvous Cache (rvcache)\n* Rendezvous Daemon Manager (rvdm)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Substation ES\u2122 version 2.12.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n",
"title": "Frequently Asked Questions"
},
{
"audience": "all",
"category": "summary",
"text": "The components listed above contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"fixed": [
"tib-4e225d426f9bdb35",
"tib-1c0aabd8c36f9c89",
"tib-6e5df384a723fe5a",
"tib-4d72e2023125ef14",
"tib-01127c04dd48e15c",
"tib-8ff34b2db891a874"
],
"known_affected": [
"tib-d12a26fc775222f3",
"tib-7c4d1e47368d2534",
"tib-6e5885be37cdfef0",
"tib-e9d6838f6a0306c9",
"tib-85d500f50543688b",
"tib-ceef18d2cc5338a6"
],
"recommended": [
"tib-4e225d426f9bdb35",
"tib-1c0aabd8c36f9c89",
"tib-6e5df384a723fe5a",
"tib-4d72e2023125ef14",
"tib-01127c04dd48e15c",
"tib-8ff34b2db891a874"
]
},
"references": [
{
"category": "external",
"summary": "Additional Information",
"url": "https://www.tibco.com/services/support/advisories"
}
],
"release_date": "2018-11-06T17:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-d12a26fc775222f3"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-7c4d1e47368d2534"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-6e5885be37cdfef0"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-e9d6838f6a0306c9"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-85d500f50543688b"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-ceef18d2cc5338a6"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"tib-d12a26fc775222f3",
"tib-7c4d1e47368d2534",
"tib-6e5885be37cdfef0",
"tib-e9d6838f6a0306c9",
"tib-85d500f50543688b",
"tib-ceef18d2cc5338a6"
]
}
],
"title": "TIBCO Rendezvous Vulnerable to CSRF Attacks"
},
{
"cve": "CVE-2018-12415",
"involvements": [
{
"date": "2018-11-06T17:00:00Z",
"party": "vendor",
"status": "completed"
}
],
"notes": [
{
"audience": "all",
"category": "faq",
"text": "## TIBCO Enterprise Message Service\u2122\n\n### Which product versions are affected?\n\n* TIBCO Enterprise Message Service\u2122 versions 8.4.0 and below\n\n### Which component is affected?\n\n* Central Administration server (emsca)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Enterprise Message Service\u2122 version 8.4.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO Enterprise Message Service\u2122 - Community Edition\n\n### Which product versions are affected?\n\n* TIBCO Enterprise Message Service\u2122 - Community Edition versions 8.4.0 and below\n\n### Which component is affected?\n\n* Central Administration server (emsca)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Enterprise Message Service\u2122 - Community Edition version 8.4.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n",
"title": "Frequently Asked Questions"
},
{
"audience": "all",
"category": "summary",
"text": "The component listed above contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"fixed": [
"tib-3d7a1a1f2d3c6928",
"tib-bd592220f6045dfc",
"tib-ae8f03502e6d26a4"
],
"known_affected": [
"tib-5b2ca2b19631ae5f",
"tib-c86b0ae1af62667b",
"tib-8a8a566b9c5bd6db"
],
"recommended": [
"tib-3d7a1a1f2d3c6928",
"tib-bd592220f6045dfc",
"tib-ae8f03502e6d26a4"
]
},
"references": [
{
"category": "external",
"summary": "Additional Information",
"url": "https://www.tibco.com/services/support/advisories"
}
],
"release_date": "2018-11-06T17:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-5b2ca2b19631ae5f"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-c86b0ae1af62667b"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-8a8a566b9c5bd6db"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"tib-5b2ca2b19631ae5f",
"tib-c86b0ae1af62667b",
"tib-8a8a566b9c5bd6db"
]
}
],
"title": "TIBCO Enterprise Message Service Vulnerable to CSRF Attacks"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.