CVE-2018-12415 (GCVE-0-2018-12415)
Vulnerability from cvelistv5 – Published: 2018-11-07 00:00 – Updated: 2024-09-16 20:22
Title
TIBCO Enterprise Message Service Vulnerable to CSRF Attacks
Summary
The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.
Severity
7.5 (High)
CWE
- In deployments of TIBCO Enterprise Message Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS.
References
3 references
| URL | Tags |
|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_MISC |
| https://www.tibco.com/support/advisories/2018/11/… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/105850 | vdb-entryx_refsource_BID |
Impacted products
3 products
| Vendor | Product | Version |
|---|---|---|
| TIBCO Software Inc. | TIBCO Enterprise Message Service | Affected: 8.4.0 and previous |
| TIBCO Software Inc. | TIBCO Enterprise Message Service - Community Edition | Affected: 8.4.0 and previous |
| TIBCO Software Inc. | TIBCO Enterprise Message Service - Developer Edition | Affected: 8.4.0 and previous |
Date Public
2018-11-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
},
{
"name": "105850",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Enterprise Message Service",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.4.0 and previous"
}
]
},
{
"product": "TIBCO Enterprise Message Service - Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.4.0 and previous"
}
]
},
{
"product": "TIBCO Enterprise Message Service - Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.4.0 and previous"
}
]
}
],
"datePublic": "2018-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Central Administration server (emsca) component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In deployments of TIBCO Enterprise Message Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-29T15:52:24.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
},
{
"name": "105850",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105850"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.4.0 and below update to version 8.4.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Enterprise Message Service Vulnerable to CSRF Attacks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-11-06T17:00:00Z",
"ID": "CVE-2018-12415",
"STATE": "PUBLIC",
"TITLE": "TIBCO Enterprise Message Service Vulnerable to CSRF Attacks",
"UPDATED": "2020-01-28T17:00:00Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Enterprise Message Service",
"version": {
"version_data": [
{
"version_value": "8.4.0 and previous"
}
]
}
},
{
"product_name": "TIBCO Enterprise Message Service - Community Edition",
"version": {
"version_data": [
{
"version_value": "8.4.0 and previous"
}
]
}
},
{
"product_name": "TIBCO Enterprise Message Service - Developer Edition",
"version": {
"version_data": [
{
"version_value": "8.4.0 and previous"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Central Administration server (emsca) component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In deployments of TIBCO Enterprise Message Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
},
{
"name": "105850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105850"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.4.0 and below update to version 8.4.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-12415",
"datePublished": "2018-11-07T00:00:00.000Z",
"dateReserved": "2018-06-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:22:46.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-12415",
"date": "2026-07-01",
"epss": "0.00871",
"percentile": "0.54373"
}
}
}
FKIE_CVE-2018-12415
Vulnerability from fkie_nvd - Published: 2018-11-06 23:29 - Updated: 2026-06-17 01:37
Severity
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| tibco | enterprise_message_service | * |
{
"affected": [
{
"affectedData": [
{
"product": "TIBCO Enterprise Message Service",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.4.0 and previous"
}
]
},
{
"product": "TIBCO Enterprise Message Service - Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.4.0 and previous"
}
]
},
{
"product": "TIBCO Enterprise Message Service - Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.4.0 and previous"
}
]
}
],
"source": "security@tibco.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:enterprise_message_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE16B9B6-200D-42BB-97A3-78D58226FE18",
"versionEndIncluding": "8.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Central Administration server (emsca) component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below."
},
{
"lang": "es",
"value": "El componente del servidor Central Administration (emsca) de TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, y TIBCO Enterprise Message Service - Developer Edition, contiene una vulnerabilidad que podr\u00eda permitir que un atacante realice ataques Cross-Site Request Forgery (CSRF). Las versiones afectadas son TIBCO Software Inc., TIBCO Enterprise Message Service: versiones 8.4.0 y por debajo, TIBCO Enterprise Message Service - Community Edition: versiones 8.4.0 y por debajo, y TIBCO Enterprise Message Service - Developer Edition: versiones 8.4.0 y por debajo."
}
],
"id": "CVE-2018-12415",
"lastModified": "2026-06-17T01:37:45.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-06T23:29:00.450",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105850"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-WCH7-4W8F-VG94
Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28
Details
The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2018-12415"
],
"database_specific": {
"cwe_ids": [
"CWE-352"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-06T23:29:00Z",
"severity": "HIGH"
},
"details": "The Central Administration server (emsca) component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.",
"id": "GHSA-wch7-4w8f-vg94",
"modified": "2022-05-13T01:28:43Z",
"published": "2022-05-13T01:28:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12415"
},
{
"type": "WEB",
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105850"
},
{
"type": "WEB",
"url": "http://www.tibco.com/services/support/advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-12415
Vulnerability from gsd - Updated: 2023-12-13 01:22
Details
The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.
Aliases
{
"GSD": {
"alias": "CVE-2018-12415",
"description": "The Central Administration server (emsca) component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.",
"id": "GSD-2018-12415"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-12415"
],
"details": "The Central Administration server (emsca) component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.",
"id": "GSD-2018-12415",
"modified": "2023-12-13T01:22:30.578764Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-11-06T17:00:00Z",
"ID": "CVE-2018-12415",
"STATE": "PUBLIC",
"TITLE": "TIBCO Enterprise Message Service Vulnerable to CSRF Attacks",
"UPDATED": "2020-01-28T17:00:00Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Enterprise Message Service",
"version": {
"version_data": [
{
"version_value": "8.4.0 and previous"
}
]
}
},
{
"product_name": "TIBCO Enterprise Message Service - Community Edition",
"version": {
"version_data": [
{
"version_value": "8.4.0 and previous"
}
]
}
},
{
"product_name": "TIBCO Enterprise Message Service - Developer Edition",
"version": {
"version_data": [
{
"version_value": "8.4.0 and previous"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Central Administration server (emsca) component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In deployments of TIBCO Enterprise Message Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
},
{
"name": "105850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105850"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.4.0 and below update to version 8.4.1 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.4.0 and below update to version 8.4.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tibco:enterprise_message_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"ID": "CVE-2018-12415"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Central Administration server (emsca) component of TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service"
},
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "105850",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105850"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-01-29T16:15Z",
"publishedDate": "2018-11-06T23:29Z"
}
}
}
TIBCO-2018-023
Vulnerability from csaf_tibco - Published: 2018-11-06 17:00 - Updated: 2020-01-28 17:00
Summary
TIBCO Security Advisory TIBCO-2018-023
Notes
Frequently Asked Questions:
# FREQUENTLY ASKED QUESTIONS
## Why is this advisory being issued?
Security vulnerabilities have been discovered in:
* TIBCO ActiveSpaces® - Community Edition versions 3.3.0, 3.4.0, and 3.5.0
* TIBCO ActiveSpaces® - Developer Edition versions 3.0.0, 3.1.0, 3.3.0, 3.4.0, and 3.5.0
* TIBCO ActiveSpaces® - Enterprise Edition versions 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, and 3.5.0
* TIBCO Enterprise Message Service™ versions 8.4.0 and below
* TIBCO Enterprise Message Service™ - Community Edition versions 8.4.0 and below
* TIBCO Enterprise Message Service™ Developer Edition versions 8.4.0 and below
* TIBCO FTL® - Community Edition versions 5.4.0 and below
* TIBCO FTL® - Developer Edition versions 5.4.0 and below
* TIBCO FTL® - Enterprise Edition versions 5.4.0 and below
* TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition version 1.0.0
* TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition version 1.0.0
* TIBCO Rendezvous® versions 8.4.5 and below
* TIBCO Rendezvous® Developer Edition versions 8.4.5 and below
* TIBCO Rendezvous® Network Server versions 1.1.2 and below
* TIBCO Rendezvous® for z/Linux versions 8.4.5 and below
* TIBCO Rendezvous® for z/OS versions 8.4.5 and below
* TIBCO Substation ES™ versions 2.12.0 and below
## What is the impact of these vulnerabilities?
For detailed information on the vulnerability, please see the
[security advisory](https://www.tibco.com/services/support/advisories).
## Which customers are affected?
These issues affect all customers using the above product versions.
## Where can I get software updates?
Customers with current maintenance for the affected products can obtain product updates
through their standard TIBCO fulfillment channel, via the Community site, the AWS Marketplace or
the Azure Marketplace as appropriate.
## How will customers who receive TIBCO software via OEM partners be affected?
Customers of OEM partners can receive new versions and hot fixes from their OEM partners.
Please contact your OEM partner for updates.
## Can I get the software update if I am not current on maintenance, if I do not have access to the download site or access to TIBCO support?
Please contact us through [this online form](https://www.tibco.com/contact-us),
and we will get in touch with you. Please reference CASE ID: 01647666 in your
communication to indicate the context of your request.
## What is TIBCO doing to prevent future security issues?
TIBCO takes security very seriously. We perform rigorous testing for every product release,
as well as code audits, structured walkthroughs and peer reviews. TIBCO has identified
security vulnerabilities in products during internal testing and reviews and corrected them
prior to release. TIBCO constantly evaluates and augments its security measures and will
continue to do so.
## Where can I get more information?
Product advisories can be accessed from the
[Security Advisories for TIBCO Products](https://www.tibco.com/services/support/advisories) web page.
Customers with a current maintenance contract with TIBCO can log a case with TIBCO Global Support
(please refer to the service request identifier listed above) and then call your support telephone number.
Maintenance customers can also view product-specific Late Breaking News through the TIBCO Support Web.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| TIBCO ActiveSpaces - Community Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Community Edition) | | 3.5.1 | |
| TIBCO ActiveSpaces - Developer Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Developer Edition) | | 3.5.1 | |
| TIBCO ActiveSpaces - Enterprise Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition) | | 3.5.1 | |
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| TIBCO ActiveSpaces - Community Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Community Edition) | | 3.3.0 | Vendor Fix |
| TIBCO ActiveSpaces - Community Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Community Edition) | | 3.4.0 | Vendor Fix |
| TIBCO ActiveSpaces - Community Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Community Edition) | | 3.5.0 | Vendor Fix |
| TIBCO ActiveSpaces - Developer Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Developer Edition) | | 3.0.0 | Vendor Fix |
| TIBCO ActiveSpaces - Developer Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Developer Edition) | | 3.1.0 | Vendor Fix |
| TIBCO ActiveSpaces - Developer Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Developer Edition) | | 3.3.0 | Vendor Fix |
| TIBCO ActiveSpaces - Developer Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Developer Edition) | | 3.4.0 | Vendor Fix |
| TIBCO ActiveSpaces - Developer Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Developer Edition) | | 3.5.0 | Vendor Fix |
| TIBCO ActiveSpaces - Enterprise Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition) | | 3.0.0 | Vendor Fix |
| TIBCO ActiveSpaces - Enterprise Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition) | | 3.1.0 | Vendor Fix |
| TIBCO ActiveSpaces - Enterprise Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition) | | 3.2.0 | Vendor Fix |
| TIBCO ActiveSpaces - Enterprise Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition) | | 3.3.0 | Vendor Fix |
| TIBCO ActiveSpaces - Enterprise Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition) | | 3.4.0 | Vendor Fix |
| TIBCO ActiveSpaces - Enterprise Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition) | | 3.5.0 | Vendor Fix |
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| TIBCO ActiveSpaces - Community Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Community Edition) | | 3.5.1 | |
| TIBCO ActiveSpaces - Developer Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Developer Edition) | | 3.5.1 | |
| TIBCO ActiveSpaces - Enterprise Edition (TIBCO Software Inc. / TIBCO ActiveSpaces - Enterprise Edition) | | 3.5.1 | |
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| TIBCO FTL - Community Edition (TIBCO Software Inc. / TIBCO FTL - Community Edition) | | 5.4.1 | |
| TIBCO FTL - Developer Edition (TIBCO Software Inc. / TIBCO FTL - Developer Edition) | | 5.4.1 | |
| TIBCO FTL - Enterprise Edition (TIBCO Software Inc. / TIBCO FTL - Enterprise Edition) | | 5.4.1 | |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| TIBCO FTL - Community Edition (TIBCO Software Inc. / TIBCO FTL - Community Edition) | | <=5.4.0 | Vendor Fix |
| TIBCO FTL - Developer Edition (TIBCO Software Inc. / TIBCO FTL - Developer Edition) | | <=5.4.0 | Vendor Fix |
| TIBCO FTL - Enterprise Edition (TIBCO Software Inc. / TIBCO FTL - Enterprise Edition) | | <=5.4.0 | Vendor Fix |
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| TIBCO FTL - Community Edition (TIBCO Software Inc. / TIBCO FTL - Community Edition) | | 5.4.1 | |
| TIBCO FTL - Developer Edition (TIBCO Software Inc. / TIBCO FTL - Developer Edition) | | 5.4.1 | |
| TIBCO FTL - Enterprise Edition (TIBCO Software Inc. / TIBCO FTL - Enterprise Edition) | | 5.4.1 | |
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition (TIBCO Software Inc. / TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition) | | 1.0.1 | |
| TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition (TIBCO Software Inc. / TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition) | | 1.0.1 | |
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition (TIBCO Software Inc. / TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition) | | 1.0.0 | Vendor Fix |
| TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition (TIBCO Software Inc. / TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition) | | 1.0.0 | Vendor Fix |
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition (TIBCO Software Inc. / TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition) | | 1.0.1 | |
| TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition (TIBCO Software Inc. / TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition) | | 1.0.1 | |
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| TIBCO Rendezvous (TIBCO Software Inc. / TIBCO Rendezvous) | | 8.4.6 | |
| TIBCO Rendezvous Developer Edition (TIBCO Software Inc. / TIBCO Rendezvous Developer Edition) | | 8.4.6 | |
| TIBCO Rendezvous for z/Linux (TIBCO Software Inc. / TIBCO Rendezvous for z/Linux) | | 8.4.6 | |
| TIBCO Rendezvous for z/OS (TIBCO Software Inc. / TIBCO Rendezvous for z/OS) | | 8.4.6 | |
| TIBCO Rendezvous Network Server (TIBCO Software Inc. / TIBCO Rendezvous Network Server) | | 1.1.3 | |
| TIBCO Substation ES (TIBCO Software Inc. / TIBCO Substation ES) | | 2.12.1 | |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| TIBCO Rendezvous (TIBCO Software Inc. / TIBCO Rendezvous) | | <=8.4.5 | Vendor Fix |
| TIBCO Rendezvous Developer Edition (TIBCO Software Inc. / TIBCO Rendezvous Developer Edition) | | <=8.4.5 | Vendor Fix |
| TIBCO Rendezvous for z/Linux (TIBCO Software Inc. / TIBCO Rendezvous for z/Linux) | | <=8.4.5 | Vendor Fix |
| TIBCO Rendezvous for z/OS (TIBCO Software Inc. / TIBCO Rendezvous for z/OS) | | <=8.4.5 | Vendor Fix |
| TIBCO Rendezvous Network Server (TIBCO Software Inc. / TIBCO Rendezvous Network Server) | | <=1.1.2 | Vendor Fix |
| TIBCO Substation ES (TIBCO Software Inc. / TIBCO Substation ES) | | <=2.12.0 | Vendor Fix |
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| TIBCO Rendezvous (TIBCO Software Inc. / TIBCO Rendezvous) | | 8.4.6 | |
| TIBCO Rendezvous Developer Edition (TIBCO Software Inc. / TIBCO Rendezvous Developer Edition) | | 8.4.6 | |
| TIBCO Rendezvous for z/Linux (TIBCO Software Inc. / TIBCO Rendezvous for z/Linux) | | 8.4.6 | |
| TIBCO Rendezvous for z/OS (TIBCO Software Inc. / TIBCO Rendezvous for z/OS) | | 8.4.6 | |
| TIBCO Rendezvous Network Server (TIBCO Software Inc. / TIBCO Rendezvous Network Server) | | 1.1.3 | |
| TIBCO Substation ES (TIBCO Software Inc. / TIBCO Substation ES) | | 2.12.1 | |
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| TIBCO Enterprise Message Service (TIBCO Software Inc. / TIBCO Enterprise Message Service) | | 8.4.1 | |
| TIBCO Enterprise Message Service - Community Edition (TIBCO Software Inc. / TIBCO Enterprise Message Service - Community Edition) | | 8.4.1 | |
| TIBCO Enterprise Message Service - Developer Edition (TIBCO Software Inc. / TIBCO Enterprise Message Service - Developer Edition) | | 8.4.1 | |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| TIBCO Enterprise Message Service (TIBCO Software Inc. / TIBCO Enterprise Message Service) | | <=8.4.0 | Vendor Fix |
| TIBCO Enterprise Message Service - Community Edition (TIBCO Software Inc. / TIBCO Enterprise Message Service - Community Edition) | | <=8.4.0 | Vendor Fix |
| TIBCO Enterprise Message Service - Developer Edition (TIBCO Software Inc. / TIBCO Enterprise Message Service - Developer Edition) | | <=8.4.0 | Vendor Fix |
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| TIBCO Enterprise Message Service (TIBCO Software Inc. / TIBCO Enterprise Message Service) | | 8.4.1 | |
| TIBCO Enterprise Message Service - Community Edition (TIBCO Software Inc. / TIBCO Enterprise Message Service - Community Edition) | | 8.4.1 | |
| TIBCO Enterprise Message Service - Developer Edition (TIBCO Software Inc. / TIBCO Enterprise Message Service - Developer Edition) | | 8.4.1 | |
References
1 reference
| URL | Category |
|---|---|
| https://www.tibco.com/services/support/advisories | external |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited.",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"audience": "all",
"category": "faq",
"text": "# FREQUENTLY ASKED QUESTIONS\n\n## Why is this advisory being issued?\n\nSecurity vulnerabilities have been discovered in:\n\n* TIBCO ActiveSpaces\u00ae - Community Edition versions 3.3.0, 3.4.0, and 3.5.0\n* TIBCO ActiveSpaces\u00ae - Developer Edition versions 3.0.0, 3.1.0, 3.3.0, 3.4.0, and 3.5.0\n* TIBCO ActiveSpaces\u00ae - Enterprise Edition versions 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, and 3.5.0\n* TIBCO Enterprise Message Service\u2122 versions 8.4.0 and below\n* TIBCO Enterprise Message Service\u2122 - Community Edition versions 8.4.0 and below\n* TIBCO Enterprise Message Service\u2122 Developer Edition versions 8.4.0 and below\n* TIBCO FTL\u00ae - Community Edition versions 5.4.0 and below\n* TIBCO FTL\u00ae - Developer Edition versions 5.4.0 and below\n* TIBCO FTL\u00ae - Enterprise Edition versions 5.4.0 and below\n* TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition version 1.0.0\n* TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition version 1.0.0\n* TIBCO Rendezvous\u00ae versions 8.4.5 and below\n* TIBCO Rendezvous\u00ae Developer Edition versions 8.4.5 and below\n* TIBCO Rendezvous\u00ae Network Server versions 1.1.2 and below\n* TIBCO Rendezvous\u00ae for z/Linux versions 8.4.5 and below\n* TIBCO Rendezvous\u00ae for z/OS versions 8.4.5 and below\n* TIBCO Substation ES\u2122 versions 2.12.0 and below\n\n## What is the impact of these vulnerabilities?\n\nFor detailed information on the vulnerability, please see the\n[security advisory](https://www.tibco.com/services/support/advisories).\n\n## Which customers are affected?\n\nThese issues affect all customers using the above product versions.\n\n## Where can I get software updates?\n\nCustomers with current maintenance for the affected products can obtain product updates\nthrough their standard TIBCO fulfillment channel, via the Community site, the AWS Marketplace or\nthe Azure Marketplace as appropriate.\n\n## How will 
customers who receive TIBCO software via OEM partners be affected?\n\nCustomers of OEM partners can receive new versions and hot fixes from their OEM partners.\nPlease contact your OEM partner for updates.\n\n## Can I get the software update if I am not current on maintenance, if I do not have access to the download site or access to TIBCO support?\n\nPlease contact us through [this online form](https://www.tibco.com/contact-us),\nand we will get in touch with you. Please reference CASE ID: 01647666 in your\ncommunication to indicate the context of your request.\n\n## What is tibco doing to prevent future security issues?\n\nTIBCO takes security very seriously. We perform rigorous testing for every product release,\nas well as code audits, structured walkthroughs and peer reviews. TIBCO has identified\nsecurity vulnerabilities in products during internal testing and reviews and corrected them\nprior to release. TIBCO constantly evaluates and augments its security measures and will\ncontinue to do so.\n\n## Where can I get more information?\n\nProduct advisories can be accessed from the\n[Security Advisories for TIBCO Products](https://www.tibco.com/services/support/advisories) web page.\n\nCustomers with a current maintenance contract with TIBCO can log a case with TIBCO Global Support\n(please refer to the service request identifier listed above) and then call your support telephone number.\nMaintenance customers can also view product-specific Late Breaking News through the TIBCO Support Web.\n\n",
"title": "Frequently Asked Questions"
}
],
"publisher": {
"category": "vendor",
"contact_details": "TIBCO Software Inc. can be reached at mailto:security@tibco.com, or via our website at https://www.tibco.com/security",
"name": "TIBCO PSIRT",
"namespace": "https://tibco.com"
},
"title": "TIBCO Security Advisory TIBCO-2018-023",
"tracking": {
"current_release_date": "2020-01-28T17:00:00Z",
"generator": {
"date": "2022-07-14T21:43:08Z",
"engine": {
"name": "retro-csaf",
"version": "v3.2.5-0-g741be4e"
}
},
"id": "TIBCO-2018-023",
"initial_release_date": "2018-11-06T17:00:00Z",
"revision_history": [
{
"date": "2018-11-06T17:00:00Z",
"number": "1.0.0",
"summary": "Initial release."
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.5.1",
"product": {
"name": "TIBCO ActiveSpaces - Community Edition",
"product_id": "tib-12de72030884a5a7"
}
},
{
"category": "product_version",
"name": "3.3.0",
"product": {
"name": "TIBCO ActiveSpaces - Community Edition",
"product_id": "tib-dadee8bb3b660920"
}
},
{
"category": "product_version",
"name": "3.4.0",
"product": {
"name": "TIBCO ActiveSpaces - Community Edition",
"product_id": "tib-ae689fb7c3a31636"
}
},
{
"category": "product_version",
"name": "3.5.0",
"product": {
"name": "TIBCO ActiveSpaces - Community Edition",
"product_id": "tib-41357f13efa0471d"
}
}
],
"category": "product_name",
"name": "TIBCO ActiveSpaces - Community Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "3.5.1",
"product": {
"name": "TIBCO ActiveSpaces - Developer Edition",
"product_id": "tib-6c919c012fa0cad2"
}
},
{
"category": "product_version",
"name": "3.0.0",
"product": {
"name": "TIBCO ActiveSpaces - Developer Edition",
"product_id": "tib-c3de272f8f87dbde"
}
},
{
"category": "product_version",
"name": "3.1.0",
"product": {
"name": "TIBCO ActiveSpaces - Developer Edition",
"product_id": "tib-219649cefc7139fe"
}
},
{
"category": "product_version",
"name": "3.3.0",
"product": {
"name": "TIBCO ActiveSpaces - Developer Edition",
"product_id": "tib-6ba4ba40207a02df"
}
},
{
"category": "product_version",
"name": "3.4.0",
"product": {
"name": "TIBCO ActiveSpaces - Developer Edition",
"product_id": "tib-f1dd8ef7fb50b258"
}
},
{
"category": "product_version",
"name": "3.5.0",
"product": {
"name": "TIBCO ActiveSpaces - Developer Edition",
"product_id": "tib-9d46455dbc3938b2"
}
}
],
"category": "product_name",
"name": "TIBCO ActiveSpaces - Developer Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "3.5.1",
"product": {
"name": "TIBCO ActiveSpaces - Enterprise Edition",
"product_id": "tib-fe3fe3a9d73f691b"
}
},
{
"category": "product_version",
"name": "3.0.0",
"product": {
"name": "TIBCO ActiveSpaces - Enterprise Edition",
"product_id": "tib-eb837b1f113446a8"
}
},
{
"category": "product_version",
"name": "3.1.0",
"product": {
"name": "TIBCO ActiveSpaces - Enterprise Edition",
"product_id": "tib-ff7a3afe1dea2b27"
}
},
{
"category": "product_version",
"name": "3.2.0",
"product": {
"name": "TIBCO ActiveSpaces - Enterprise Edition",
"product_id": "tib-7acacad7cb0410f4"
}
},
{
"category": "product_version",
"name": "3.3.0",
"product": {
"name": "TIBCO ActiveSpaces - Enterprise Edition",
"product_id": "tib-61f815f90c5612af"
}
},
{
"category": "product_version",
"name": "3.4.0",
"product": {
"name": "TIBCO ActiveSpaces - Enterprise Edition",
"product_id": "tib-2f5c7594aa7def4c"
}
},
{
"category": "product_version",
"name": "3.5.0",
"product": {
"name": "TIBCO ActiveSpaces - Enterprise Edition",
"product_id": "tib-a0b77e96104de7f4"
}
}
],
"category": "product_name",
"name": "TIBCO ActiveSpaces - Enterprise Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "5.4.1",
"product": {
"name": "TIBCO FTL - Community Edition",
"product_id": "tib-5b3965d416c9f0ea"
}
},
{
"category": "product_version_range",
"name": "\u003c=5.4.0",
"product": {
"name": "TIBCO FTL - Community Edition",
"product_id": "tib-d738c5bcae453edc"
}
}
],
"category": "product_name",
"name": "TIBCO FTL - Community Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "5.4.1",
"product": {
"name": "TIBCO FTL - Developer Edition",
"product_id": "tib-99a7e520219eaa79"
}
},
{
"category": "product_version_range",
"name": "\u003c=5.4.0",
"product": {
"name": "TIBCO FTL - Developer Edition",
"product_id": "tib-d9b1c93df48a8512"
}
}
],
"category": "product_name",
"name": "TIBCO FTL - Developer Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "5.4.1",
"product": {
"name": "TIBCO FTL - Enterprise Edition",
"product_id": "tib-d726061fa42acb6f"
}
},
{
"category": "product_version_range",
"name": "\u003c=5.4.0",
"product": {
"name": "TIBCO FTL - Enterprise Edition",
"product_id": "tib-69a24450d98e9143"
}
}
],
"category": "product_name",
"name": "TIBCO FTL - Enterprise Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "1.0.1",
"product": {
"name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition",
"product_id": "tib-ec02e1bc3455437d"
}
},
{
"category": "product_version",
"name": "1.0.0",
"product": {
"name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition",
"product_id": "tib-85b7bf23257b7b79"
}
}
],
"category": "product_name",
"name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "1.0.1",
"product": {
"name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition",
"product_id": "tib-efef9535f83df707"
}
},
{
"category": "product_version",
"name": "1.0.0",
"product": {
"name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition",
"product_id": "tib-00ef0d8cbb2743f0"
}
}
],
"category": "product_name",
"name": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "8.4.6",
"product": {
"name": "TIBCO Rendezvous",
"product_id": "tib-4e225d426f9bdb35"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.5",
"product": {
"name": "TIBCO Rendezvous",
"product_id": "tib-d12a26fc775222f3"
}
}
],
"category": "product_name",
"name": "TIBCO Rendezvous"
},
{
"branches": [
{
"category": "product_version",
"name": "8.4.6",
"product": {
"name": "TIBCO Rendezvous Developer Edition",
"product_id": "tib-1c0aabd8c36f9c89"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.5",
"product": {
"name": "TIBCO Rendezvous Developer Edition",
"product_id": "tib-7c4d1e47368d2534"
}
}
],
"category": "product_name",
"name": "TIBCO Rendezvous Developer Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "8.4.6",
"product": {
"name": "TIBCO Rendezvous for z/Linux",
"product_id": "tib-6e5df384a723fe5a"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.5",
"product": {
"name": "TIBCO Rendezvous for z/Linux",
"product_id": "tib-6e5885be37cdfef0"
}
}
],
"category": "product_name",
"name": "TIBCO Rendezvous for z/Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "8.4.6",
"product": {
"name": "TIBCO Rendezvous for z/OS",
"product_id": "tib-4d72e2023125ef14"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.5",
"product": {
"name": "TIBCO Rendezvous for z/OS",
"product_id": "tib-e9d6838f6a0306c9"
}
}
],
"category": "product_name",
"name": "TIBCO Rendezvous for z/OS"
},
{
"branches": [
{
"category": "product_version",
"name": "1.1.3",
"product": {
"name": "TIBCO Rendezvous Network Server",
"product_id": "tib-01127c04dd48e15c"
}
},
{
"category": "product_version_range",
"name": "\u003c=1.1.2",
"product": {
"name": "TIBCO Rendezvous Network Server",
"product_id": "tib-85d500f50543688b"
}
}
],
"category": "product_name",
"name": "TIBCO Rendezvous Network Server"
},
{
"branches": [
{
"category": "product_version",
"name": "2.12.1",
"product": {
"name": "TIBCO Substation ES",
"product_id": "tib-8ff34b2db891a874"
}
},
{
"category": "product_version_range",
"name": "\u003c=2.12.0",
"product": {
"name": "TIBCO Substation ES",
"product_id": "tib-ceef18d2cc5338a6"
}
}
],
"category": "product_name",
"name": "TIBCO Substation ES"
},
{
"branches": [
{
"category": "product_version",
"name": "8.4.1",
"product": {
"name": "TIBCO Enterprise Message Service",
"product_id": "tib-3d7a1a1f2d3c6928"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.0",
"product": {
"name": "TIBCO Enterprise Message Service",
"product_id": "tib-5b2ca2b19631ae5f"
}
}
],
"category": "product_name",
"name": "TIBCO Enterprise Message Service"
},
{
"branches": [
{
"category": "product_version",
"name": "8.4.1",
"product": {
"name": "TIBCO Enterprise Message Service - Community Edition",
"product_id": "tib-bd592220f6045dfc"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.0",
"product": {
"name": "TIBCO Enterprise Message Service - Community Edition",
"product_id": "tib-c86b0ae1af62667b"
}
}
],
"category": "product_name",
"name": "TIBCO Enterprise Message Service - Community Edition"
},
{
"branches": [
{
"category": "product_version",
"name": "8.4.1",
"product": {
"name": "TIBCO Enterprise Message Service - Developer Edition",
"product_id": "tib-ae8f03502e6d26a4"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.0",
"product": {
"name": "TIBCO Enterprise Message Service - Developer Edition",
"product_id": "tib-8a8a566b9c5bd6db"
}
}
],
"category": "product_name",
"name": "TIBCO Enterprise Message Service - Developer Edition"
}
],
"category": "vendor",
"name": "TIBCO Software Inc."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12411",
"involvements": [
{
"date": "2018-11-06T17:00:00Z",
"party": "vendor",
"status": "completed"
}
],
"notes": [
{
"audience": "all",
"category": "faq",
"text": "## TIBCO ActiveSpaces\u00ae - Community Edition\n\n### Which product versions are affected?\n\n* TIBCO ActiveSpaces\u00ae - Community Edition versions 3.3.0, 3.4.0, and 3.5.0\n\n### Which component is affected?\n\n* administrative daemon (tibdgadmind)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO ActiveSpaces\u00ae - Community Edition version 3.5.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO ActiveSpaces\u00ae - Developer Edition\n\n### Which product versions are affected?\n\n* TIBCO ActiveSpaces\u00ae - Developer Edition versions 3.0.0, 3.1.0, 3.3.0, 3.4.0, and 3.5.0\n\n### Which component is affected?\n\n* administrative daemon (tibdgadmind)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO ActiveSpaces\u00ae - Developer Edition version 3.5.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO ActiveSpaces\u00ae - Enterprise Edition\n\n### Which product versions are affected?\n\n* TIBCO ActiveSpaces\u00ae - Enterprise Edition versions 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, and 3.5.0\n\n### Which component is affected?\n\n* administrative daemon (tibdgadmind)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO ActiveSpaces\u00ae - Enterprise Edition version 3.5.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product 
version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n",
"title": "Frequently Asked Questions"
},
{
"audience": "all",
"category": "summary",
"text": "The component listed above contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"fixed": [
"tib-12de72030884a5a7",
"tib-6c919c012fa0cad2",
"tib-fe3fe3a9d73f691b"
],
"known_affected": [
"tib-dadee8bb3b660920",
"tib-ae689fb7c3a31636",
"tib-41357f13efa0471d",
"tib-c3de272f8f87dbde",
"tib-219649cefc7139fe",
"tib-6ba4ba40207a02df",
"tib-f1dd8ef7fb50b258",
"tib-9d46455dbc3938b2",
"tib-eb837b1f113446a8",
"tib-ff7a3afe1dea2b27",
"tib-7acacad7cb0410f4",
"tib-61f815f90c5612af",
"tib-2f5c7594aa7def4c",
"tib-a0b77e96104de7f4"
],
"recommended": [
"tib-12de72030884a5a7",
"tib-6c919c012fa0cad2",
"tib-fe3fe3a9d73f691b"
]
},
"references": [
{
"category": "external",
"summary": "Additional Information",
"url": "https://www.tibco.com/services/support/advisories"
}
],
"release_date": "2018-11-06T17:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-dadee8bb3b660920",
"tib-ae689fb7c3a31636",
"tib-41357f13efa0471d"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-c3de272f8f87dbde",
"tib-219649cefc7139fe",
"tib-6ba4ba40207a02df",
"tib-f1dd8ef7fb50b258",
"tib-9d46455dbc3938b2"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-eb837b1f113446a8",
"tib-ff7a3afe1dea2b27",
"tib-7acacad7cb0410f4",
"tib-61f815f90c5612af",
"tib-2f5c7594aa7def4c",
"tib-a0b77e96104de7f4"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"tib-dadee8bb3b660920",
"tib-ae689fb7c3a31636",
"tib-41357f13efa0471d",
"tib-c3de272f8f87dbde",
"tib-219649cefc7139fe",
"tib-6ba4ba40207a02df",
"tib-f1dd8ef7fb50b258",
"tib-9d46455dbc3938b2",
"tib-eb837b1f113446a8",
"tib-ff7a3afe1dea2b27",
"tib-7acacad7cb0410f4",
"tib-61f815f90c5612af",
"tib-2f5c7594aa7def4c",
"tib-a0b77e96104de7f4"
]
}
],
"title": "TIBCO ActiveSpaces Administrative Daemon Vulnerable to CSRF Attacks"
},
{
"cve": "CVE-2018-12412",
"involvements": [
{
"date": "2018-11-06T17:00:00Z",
"party": "vendor",
"status": "completed"
}
],
"notes": [
{
"audience": "all",
"category": "faq",
"text": "## TIBCO FTL\u00ae - Community Edition\n\n### Which product versions are affected?\n\n* TIBCO FTL\u00ae - Community Edition versions 5.4.0 and below\n\n### Which component is affected?\n\n* realm server (tibrealmserver)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO FTL\u00ae - Community Edition version 5.4.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO FTL\u00ae - Developer Edition\n\n### Which product versions are affected?\n\n* TIBCO FTL\u00ae - Developer Edition versions 5.4.0 and below\n\n### Which component is affected?\n\n* realm server (tibrealmserver)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO FTL\u00ae - Developer Edition version 5.4.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO FTL\u00ae - Enterprise Edition\n\n### Which product versions are affected?\n\n* TIBCO FTL\u00ae - Enterprise Edition versions 5.4.0 and below\n\n### Which component is affected?\n\n* realm server (tibrealmserver)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO FTL\u00ae - Enterprise Edition version 5.4.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n",
"title": "Frequently Asked Questions"
},
{
"audience": "all",
"category": "summary",
"text": "The component listed above contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"fixed": [
"tib-5b3965d416c9f0ea",
"tib-99a7e520219eaa79",
"tib-d726061fa42acb6f"
],
"known_affected": [
"tib-d738c5bcae453edc",
"tib-d9b1c93df48a8512",
"tib-69a24450d98e9143"
],
"recommended": [
"tib-5b3965d416c9f0ea",
"tib-99a7e520219eaa79",
"tib-d726061fa42acb6f"
]
},
"references": [
{
"category": "external",
"summary": "Additional Information",
"url": "https://www.tibco.com/services/support/advisories"
}
],
"release_date": "2018-11-06T17:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-d738c5bcae453edc"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-d9b1c93df48a8512"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-69a24450d98e9143"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"tib-d738c5bcae453edc",
"tib-d9b1c93df48a8512",
"tib-69a24450d98e9143"
]
}
],
"title": "TIBCO FTL Realm Server Vulnerable to CSRF Attacks"
},
{
"cve": "CVE-2018-12413",
"involvements": [
{
"date": "2018-11-06T17:00:00Z",
"party": "vendor",
"status": "completed"
}
],
"notes": [
{
"audience": "all",
"category": "faq",
"text": "## TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition\n\n### Which product versions are affected?\n\n* TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition version 1.0.0\n\n### Which component is affected?\n\n* Schema repository server (tibschemad)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition version 1.0.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition\n\n### Which product versions are affected?\n\n* TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition version 1.0.0\n\n### Which component is affected?\n\n* Schema repository server (tibschemad)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition version 1.0.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n",
"title": "Frequently Asked Questions"
},
{
"audience": "all",
"category": "summary",
"text": "The component listed above contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"fixed": [
"tib-ec02e1bc3455437d",
"tib-efef9535f83df707"
],
"known_affected": [
"tib-85b7bf23257b7b79",
"tib-00ef0d8cbb2743f0"
],
"recommended": [
"tib-ec02e1bc3455437d",
"tib-efef9535f83df707"
]
},
"references": [
{
"category": "external",
"summary": "Additional Information",
"url": "https://www.tibco.com/services/support/advisories"
}
],
"release_date": "2018-11-06T17:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-85b7bf23257b7b79"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-00ef0d8cbb2743f0"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"tib-85b7bf23257b7b79",
"tib-00ef0d8cbb2743f0"
]
}
],
"title": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository Vulnerable to CSRF Attacks"
},
{
"cve": "CVE-2018-12414",
"involvements": [
{
"date": "2018-11-06T17:00:00Z",
"party": "vendor",
"status": "completed"
}
],
"notes": [
{
"audience": "all",
"category": "faq",
"text": "## TIBCO Rendezvous\u00ae\n\n### Which product versions are affected?\n\n* TIBCO Rendezvous\u00ae versions 8.4.5 and below\n\n### Which component is affected?\n\n* Rendezvous Routing Daemon (rvrd)\n* Rendezvous Secure Routing Daemon (rvrsd)\n* Rendezvous Secure Daemon (rvsd)\n* Rendezvous Cache (rvcache)\n* Rendezvous Daemon Manager (rvdm)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Rendezvous\u00ae version 8.4.6 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO Rendezvous\u00ae Developer Edition\n\n### Which product versions are affected?\n\n* TIBCO Rendezvous\u00ae Developer Edition versions 8.4.5 and below\n\n### Which component is affected?\n\n* Rendezvous Routing Daemon (rvrd)\n* Rendezvous Secure Routing Daemon (rvrsd)\n* Rendezvous Secure Daemon (rvsd)\n* Rendezvous Cache (rvcache)\n* Rendezvous Daemon Manager (rvdm)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Rendezvous\u00ae Developer Edition version 8.4.6 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO Rendezvous\u00ae Network Server\n\n### Which product versions are affected?\n\n* TIBCO Rendezvous\u00ae Network Server versions 1.1.2 and below\n\n### Which component is affected?\n\n* Rendezvous Routing Daemon (rvrd)\n* Rendezvous Secure Routing Daemon (rvrsd)\n* Rendezvous Secure Daemon (rvsd)\n* Rendezvous Cache (rvcache)\n* Rendezvous Daemon Manager (rvdm)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Rendezvous\u00ae Network Server version 1.1.3 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO Rendezvous\u00ae for z/Linux\n\n### Which product versions are affected?\n\n* TIBCO Rendezvous\u00ae for z/Linux versions 8.4.5 and below\n\n### Which component is affected?\n\n* Rendezvous Routing Daemon (rvrd)\n* Rendezvous Secure Routing Daemon (rvrsd)\n* Rendezvous Secure Daemon (rvsd)\n* Rendezvous Cache (rvcache)\n* Rendezvous Daemon Manager (rvdm)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Rendezvous\u00ae for z/Linux version 8.4.6 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO Rendezvous\u00ae for z/OS\n\n### Which product versions are affected?\n\n* TIBCO Rendezvous\u00ae for z/OS versions 8.4.5 and below\n\n### Which component is affected?\n\n* Rendezvous Routing Daemon (rvrd)\n* Rendezvous Secure Routing Daemon (rvrsd)\n* Rendezvous Secure Daemon (rvsd)\n* Rendezvous Cache (rvcache)\n* Rendezvous Daemon Manager (rvdm)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Rendezvous\u00ae for z/OS version 8.4.6 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO Substation ES\u2122\n\n### Which product versions are affected?\n\n* TIBCO Substation ES\u2122 versions 2.12.0 and below\n\n### Which component is affected?\n\n* Rendezvous Routing Daemon (rvrd)\n* Rendezvous Secure Routing Daemon (rvrsd)\n* Rendezvous Secure Daemon (rvsd)\n* Rendezvous Cache (rvcache)\n* Rendezvous Daemon Manager (rvdm)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Substation ES\u2122 version 2.12.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n",
"title": "Frequently Asked Questions"
},
{
"audience": "all",
"category": "summary",
"text": "The components listed above contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"fixed": [
"tib-4e225d426f9bdb35",
"tib-1c0aabd8c36f9c89",
"tib-6e5df384a723fe5a",
"tib-4d72e2023125ef14",
"tib-01127c04dd48e15c",
"tib-8ff34b2db891a874"
],
"known_affected": [
"tib-d12a26fc775222f3",
"tib-7c4d1e47368d2534",
"tib-6e5885be37cdfef0",
"tib-e9d6838f6a0306c9",
"tib-85d500f50543688b",
"tib-ceef18d2cc5338a6"
],
"recommended": [
"tib-4e225d426f9bdb35",
"tib-1c0aabd8c36f9c89",
"tib-6e5df384a723fe5a",
"tib-4d72e2023125ef14",
"tib-01127c04dd48e15c",
"tib-8ff34b2db891a874"
]
},
"references": [
{
"category": "external",
"summary": "Additional Information",
"url": "https://www.tibco.com/services/support/advisories"
}
],
"release_date": "2018-11-06T17:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-d12a26fc775222f3"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-7c4d1e47368d2534"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-6e5885be37cdfef0"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-e9d6838f6a0306c9"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-85d500f50543688b"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-ceef18d2cc5338a6"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"tib-d12a26fc775222f3",
"tib-7c4d1e47368d2534",
"tib-6e5885be37cdfef0",
"tib-e9d6838f6a0306c9",
"tib-85d500f50543688b",
"tib-ceef18d2cc5338a6"
]
}
],
"title": "TIBCO Rendezvous Vulnerable to CSRF Attacks"
},
{
"cve": "CVE-2018-12415",
"involvements": [
{
"date": "2018-11-06T17:00:00Z",
"party": "vendor",
"status": "completed"
}
],
"notes": [
{
"audience": "all",
"category": "faq",
"text": "## TIBCO Enterprise Message Service\u2122\n\n### Which product versions are affected?\n\n* TIBCO Enterprise Message Service\u2122 versions 8.4.0 and below\n\n### Which component is affected?\n\n* Central Administration server (emsca)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Enterprise Message Service\u2122 version 8.4.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n## TIBCO Enterprise Message Service\u2122 - Community Edition\n\n### Which product versions are affected?\n\n* TIBCO Enterprise Message Service\u2122 - Community Edition versions 8.4.0 and below\n\n### Which component is affected?\n\n* Central Administration server (emsca)\n\n### How should customers handle these issues?\n\nFor each affected system, customers should update to the corresponding software versions:\n\n* TIBCO Enterprise Message Service\u2122 - Community Edition version 8.4.1 or later\n\nPlease follow the instructions in the product installation manual.\n\n### What is updated by this new product version?\nPlease see the readme, release notes and/or documentation for a complete list of changes.\n\n\n",
"title": "Frequently Asked Questions"
},
{
"audience": "all",
"category": "summary",
"text": "The component listed above contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"fixed": [
"tib-3d7a1a1f2d3c6928",
"tib-bd592220f6045dfc",
"tib-ae8f03502e6d26a4"
],
"known_affected": [
"tib-5b2ca2b19631ae5f",
"tib-c86b0ae1af62667b",
"tib-8a8a566b9c5bd6db"
],
"recommended": [
"tib-3d7a1a1f2d3c6928",
"tib-bd592220f6045dfc",
"tib-ae8f03502e6d26a4"
]
},
"references": [
{
"category": "external",
"summary": "Additional Information",
"url": "https://www.tibco.com/services/support/advisories"
}
],
"release_date": "2018-11-06T17:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-5b2ca2b19631ae5f"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-c86b0ae1af62667b"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
},
{
"category": "vendor_fix",
"date": "2018-11-06T17:00:00Z",
"details": "Upgrade the affected component or components to the recommended version or later.",
"entitlements": [
"current maintenance",
"out of maintenance, contact with CASE ID: 01647666"
],
"product_ids": [
"tib-8a8a566b9c5bd6db"
],
"restart_required": {
"category": "vulnerable_component"
},
"url": "https://edelivery.tibco.com/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"tib-5b2ca2b19631ae5f",
"tib-c86b0ae1af62667b",
"tib-8a8a566b9c5bd6db"
]
}
],
"title": "TIBCO Enterprise Message Service Vulnerable to CSRF Attacks"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.