All the vulnerabilities related to TIBCO Software Inc. - TIBCO ActiveSpaces - Developer Edition
cve-2021-35497
Vulnerability from cvelistv5
Published
2021-10-05 17:25
Modified
2024-09-16 23:51
Severity: 7.5 (HIGH) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
TIBCO FTL unvalidated SAN in client certificates
References
| URL | Tags |
|---|---|
| https://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
| https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-5-2021-tibco-ftl-2021-35497 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:40:47.272Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tibco.com/services/support/advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-5-2021-tibco-ftl-2021-35497" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "TIBCO ActiveSpaces - Community Edition", "vendor": "TIBCO Software Inc.", "versions": [ { "status": "affected", "version": "4.3.0" }, { "status": "affected", "version": "4.4.0" }, { "status": "affected", "version": "4.5.0" }, { "status": "affected", "version": "4.6.0" }, { "status": "affected", "version": "4.6.1" }, { "status": "affected", "version": "4.6.2" } ] }, { "product": "TIBCO ActiveSpaces - Developer Edition", "vendor": "TIBCO Software Inc.", "versions": [ { "status": "affected", "version": "4.3.0" }, { "status": "affected", "version": "4.4.0" }, { "status": "affected", "version": "4.5.0" }, { "status": "affected", "version": "4.6.0" }, { "status": "affected", "version": "4.6.1" }, { "status": "affected", "version": "4.6.2" } ] }, { "product": "TIBCO ActiveSpaces - Enterprise Edition", "vendor": "TIBCO Software Inc.", "versions": [ { "status": "affected", "version": "4.3.0" }, { "status": "affected", "version": "4.4.0" }, { "status": "affected", "version": "4.5.0" }, { "status": "affected", "version": "4.6.0" }, { "status": "affected", "version": "4.6.1" }, { "status": "affected", "version": "4.6.2" } ] }, { "product": "TIBCO FTL - Community Edition", "vendor": "TIBCO Software Inc.", "versions": [ { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "6.3.0" }, { "status": "affected", "version": "6.3.1" }, { "status": "affected", "version": "6.4.0" }, { "status": "affected", "version": 
"6.5.0" }, { "status": "affected", "version": "6.6.0" }, { "status": "affected", "version": "6.6.1" }, { "status": "affected", "version": "6.7.0" } ] }, { "product": "TIBCO FTL - Developer Edition", "vendor": "TIBCO Software Inc.", "versions": [ { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "6.3.0" }, { "status": "affected", "version": "6.3.1" }, { "status": "affected", "version": "6.4.0" }, { "status": "affected", "version": "6.5.0" }, { "status": "affected", "version": "6.6.0" }, { "status": "affected", "version": "6.6.1" }, { "status": "affected", "version": "6.7.0" } ] }, { "product": "TIBCO FTL - Enterprise Edition", "vendor": "TIBCO Software Inc.", "versions": [ { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "6.3.0" }, { "status": "affected", "version": "6.3.1" }, { "status": "affected", "version": "6.4.0" }, { "status": "affected", "version": "6.5.0" }, { "status": "affected", "version": "6.6.0" }, { "status": "affected", "version": "6.6.1" }, { "status": "affected", "version": "6.7.0" } ] }, { "product": "TIBCO eFTL - Community Edition", "vendor": "TIBCO Software Inc.", "versions": [ { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "6.3.0" }, { "status": "affected", "version": "6.3.1" }, { "status": "affected", "version": "6.4.0" }, { "status": "affected", "version": "6.5.0" }, { "status": "affected", "version": "6.6.0" }, { "status": "affected", "version": "6.6.1" }, { "status": "affected", "version": "6.7.0" } ] }, { "product": "TIBCO eFTL - Developer Edition", "vendor": "TIBCO Software Inc.", "versions": [ { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "6.3.0" }, { "status": "affected", "version": "6.3.1" }, { "status": "affected", "version": "6.4.0" }, { "status": "affected", "version": "6.5.0" }, { "status": "affected", "version": "6.6.0" }, { "status": "affected", "version": "6.6.1" }, { "status": "affected", 
"version": "6.7.0" } ] }, { "product": "TIBCO eFTL - Enterprise Edition", "vendor": "TIBCO Software Inc.", "versions": [ { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "6.3.0" }, { "status": "affected", "version": "6.3.1" }, { "status": "affected", "version": "6.4.0" }, { "status": "affected", "version": "6.5.0" }, { "status": "affected", "version": "6.6.0" }, { "status": "affected", "version": "6.6.1" }, { "status": "affected", "version": "6.7.0" } ] } ], "datePublic": "2021-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.\u0027s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. 
Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "The impact of this vulnerability includes the theoretical possibility that a malicious non-administrative user can gain full administrative access to the affected system.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-10T21:20:08", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tibco.com/services/support/advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-5-2021-tibco-ftl-2021-35497" } ], "solutions": [ { "lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO ActiveSpaces - Community Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO ActiveSpaces - Developer Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO ActiveSpaces - Enterprise Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO FTL - Community Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO FTL - Developer Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO FTL - Enterprise Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Community Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Developer Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Enterprise Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later" } ], "source": { "discovery": "INTERNAL" }, "title": "TIBCO FTL unvalidated SAN in client certificates", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2021-10-05T17:00:00Z", "ID": "CVE-2021-35497", "STATE": "PUBLIC", "TITLE": "TIBCO FTL unvalidated SAN in client certificates", "UPDATED": "2022-03-10T21:00:00Z" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "TIBCO ActiveSpaces - Community Edition", "version": { "version_data": [ { "version_affected": "=", "version_value": 
"4.3.0" }, { "version_affected": "=", "version_value": "4.4.0" }, { "version_affected": "=", "version_value": "4.5.0" }, { "version_affected": "=", "version_value": "4.6.0" }, { "version_affected": "=", "version_value": "4.6.1" }, { "version_affected": "=", "version_value": "4.6.2" } ] } }, { "product_name": "TIBCO ActiveSpaces - Developer Edition", "version": { "version_data": [ { "version_affected": "=", "version_value": "4.3.0" }, { "version_affected": "=", "version_value": "4.4.0" }, { "version_affected": "=", "version_value": "4.5.0" }, { "version_affected": "=", "version_value": "4.6.0" }, { "version_affected": "=", "version_value": "4.6.1" }, { "version_affected": "=", "version_value": "4.6.2" } ] } }, { "product_name": "TIBCO ActiveSpaces - Enterprise Edition", "version": { "version_data": [ { "version_affected": "=", "version_value": "4.3.0" }, { "version_affected": "=", "version_value": "4.4.0" }, { "version_affected": "=", "version_value": "4.5.0" }, { "version_affected": "=", "version_value": "4.6.0" }, { "version_affected": "=", "version_value": "4.6.1" }, { "version_affected": "=", "version_value": "4.6.2" } ] } }, { "product_name": "TIBCO FTL - Community Edition", "version": { "version_data": [ { "version_affected": "=", "version_value": "6.2.0" }, { "version_affected": "=", "version_value": "6.3.0" }, { "version_affected": "=", "version_value": "6.3.1" }, { "version_affected": "=", "version_value": "6.4.0" }, { "version_affected": "=", "version_value": "6.5.0" }, { "version_affected": "=", "version_value": "6.6.0" }, { "version_affected": "=", "version_value": "6.6.1" }, { "version_affected": "=", "version_value": "6.7.0" } ] } }, { "product_name": "TIBCO FTL - Developer Edition", "version": { "version_data": [ { "version_affected": "=", "version_value": "6.2.0" }, { "version_affected": "=", "version_value": "6.3.0" }, { "version_affected": "=", "version_value": "6.3.1" }, { "version_affected": "=", "version_value": "6.4.0" }, { "version_affected": 
"=", "version_value": "6.5.0" }, { "version_affected": "=", "version_value": "6.6.0" }, { "version_affected": "=", "version_value": "6.6.1" }, { "version_affected": "=", "version_value": "6.7.0" } ] } }, { "product_name": "TIBCO FTL - Enterprise Edition", "version": { "version_data": [ { "version_affected": "=", "version_value": "6.2.0" }, { "version_affected": "=", "version_value": "6.3.0" }, { "version_affected": "=", "version_value": "6.3.1" }, { "version_affected": "=", "version_value": "6.4.0" }, { "version_affected": "=", "version_value": "6.5.0" }, { "version_affected": "=", "version_value": "6.6.0" }, { "version_affected": "=", "version_value": "6.6.1" }, { "version_affected": "=", "version_value": "6.7.0" } ] } }, { "product_name": "TIBCO eFTL - Community Edition", "version": { "version_data": [ { "version_affected": "=", "version_value": "6.2.0" }, { "version_affected": "=", "version_value": "6.3.0" }, { "version_affected": "=", "version_value": "6.3.1" }, { "version_affected": "=", "version_value": "6.4.0" }, { "version_affected": "=", "version_value": "6.5.0" }, { "version_affected": "=", "version_value": "6.6.0" }, { "version_affected": "=", "version_value": "6.6.1" }, { "version_affected": "=", "version_value": "6.7.0" } ] } }, { "product_name": "TIBCO eFTL - Developer Edition", "version": { "version_data": [ { "version_affected": "=", "version_value": "6.2.0" }, { "version_affected": "=", "version_value": "6.3.0" }, { "version_affected": "=", "version_value": "6.3.1" }, { "version_affected": "=", "version_value": "6.4.0" }, { "version_affected": "=", "version_value": "6.5.0" }, { "version_affected": "=", "version_value": "6.6.0" }, { "version_affected": "=", "version_value": "6.6.1" }, { "version_affected": "=", "version_value": "6.7.0" } ] } }, { "product_name": "TIBCO eFTL - Enterprise Edition", "version": { "version_data": [ { "version_affected": "=", "version_value": "6.2.0" }, { "version_affected": "=", "version_value": "6.3.0" }, { 
"version_affected": "=", "version_value": "6.3.1" }, { "version_affected": "=", "version_value": "6.4.0" }, { "version_affected": "=", "version_value": "6.5.0" }, { "version_affected": "=", "version_value": "6.6.0" }, { "version_affected": "=", "version_value": "6.6.1" }, { "version_affected": "=", "version_value": "6.7.0" } ] } } ] }, "vendor_name": "TIBCO Software Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.\u0027s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. 
Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "The impact of this vulnerability includes the theoretical possibility that a malicious non-administrative user can gain full administrative access to the affected system." 
} ] } ] }, "references": { "reference_data": [ { "name": "https://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "https://www.tibco.com/services/support/advisories" }, { "name": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-5-2021-tibco-ftl-2021-35497", "refsource": "CONFIRM", "url": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-5-2021-tibco-ftl-2021-35497" } ] }, "solution": [ { "lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO ActiveSpaces - Community Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO ActiveSpaces - Developer Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO ActiveSpaces - Enterprise Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO FTL - Community Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO FTL - Developer Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO FTL - Enterprise Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Community Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Developer Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Enterprise Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later" } ], "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2021-35497", "datePublished": 
"2021-10-05T17:25:10.057412Z", "dateReserved": "2021-06-24T00:00:00", "dateUpdated": "2024-09-16T23:51:00.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-28824
Vulnerability from cvelistv5
Published
2021-03-23 20:15
Modified
2024-09-16 17:08
Severity: 8.8 (HIGH) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
TIBCO ActiveSpaces Windows Platform Installation vulnerability
References
| URL | Tags |
|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:55:11.744Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.tibco.com/services/support/advisories" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "TIBCO ActiveSpaces - Community Edition", "vendor": "TIBCO Software Inc.", "versions": [ { "lessThanOrEqual": "4.5.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "TIBCO ActiveSpaces - Developer Edition", "vendor": "TIBCO Software Inc.", "versions": [ { "lessThanOrEqual": "4.5.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "TIBCO ActiveSpaces - Enterprise Edition", "vendor": "TIBCO Software Inc.", "versions": [ { "lessThanOrEqual": "4.5.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." } ], "datePublic": "2021-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. 
Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveSpaces - Community Edition: versions 4.5.0 and below, TIBCO ActiveSpaces - Developer Edition: versions 4.5.0 and below, and TIBCO ActiveSpaces - Enterprise Edition: versions 4.5.0 and below." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-23T20:15:26", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.tibco.com/services/support/advisories" } ], "solutions": [ { "lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO ActiveSpaces - Community Edition versions 4.5.0 and below update to version 4.6.0 or higher\nTIBCO ActiveSpaces - Developer Edition versions 4.5.0 and below update to version 4.6.0 or higher\nTIBCO ActiveSpaces - Enterprise Edition versions 4.5.0 and below update to version 4.6.0 or higher" } ], "source": { "discovery": "Will Dormann of CERT/CC" }, "title": "TIBCO ActiveSpaces Windows Platform Installation vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2021-03-23T17:00:00Z", "ID": "CVE-2021-28824", "STATE": "PUBLIC", "TITLE": "TIBCO ActiveSpaces Windows Platform Installation vulnerability" }, "affects": { "vendor": { "vendor_data": [ { 
"product": { "product_data": [ { "product_name": "TIBCO ActiveSpaces - Community Edition", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "4.5.0" } ] } }, { "product_name": "TIBCO ActiveSpaces - Developer Edition", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "4.5.0" } ] } }, { "product_name": "TIBCO ActiveSpaces - Enterprise Edition", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "4.5.0" } ] } } ] }, "vendor_name": "TIBCO Software Inc." } ] } }, "credit": [ { "lang": "eng", "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveSpaces - Community Edition: versions 4.5.0 and below, TIBCO ActiveSpaces - Developer Edition: versions 4.5.0 and below, and TIBCO ActiveSpaces - Enterprise Edition: versions 4.5.0 and below." 
} ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." } ] } ] }, "references": { "reference_data": [ { "name": "http://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "http://www.tibco.com/services/support/advisories" } ] }, "solution": [ { "lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO ActiveSpaces - Community Edition versions 4.5.0 and below update to version 4.6.0 or higher\nTIBCO ActiveSpaces - Developer Edition versions 4.5.0 and below update to version 4.6.0 or higher\nTIBCO ActiveSpaces - Enterprise Edition versions 4.5.0 and below update to version 4.6.0 or higher" } ], "source": { "discovery": "Will Dormann of CERT/CC" } } } }, "cveMetadata": { "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2021-28824", "datePublished": "2021-03-23T20:15:26.298722Z", "dateReserved": "2021-03-18T00:00:00", "dateUpdated": "2024-09-16T17:08:34.597Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-12411
Vulnerability from cvelistv5
Published
2018-11-07 00:00
Modified
2024-09-16 18:03
Severity: 7.5 (HIGH) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
TIBCO ActiveSpaces Administrative Daemon Vulnerable to CSRF Attacks
References
| URL | Tags |
|---|---|
| https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-activespaces | x_refsource_CONFIRM |
| http://www.tibco.com/services/support/advisories | x_refsource_MISC |
| http://www.securityfocus.com/bid/105869 | vdb-entry, x_refsource_BID |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:38:05.058Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-activespaces" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.tibco.com/services/support/advisories" }, { "name": "105869", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105869" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "TIBCO ActiveSpaces - Community Edition", "vendor": "TIBCO Software Inc.", "versions": [ { "status": "affected", "version": "3.3.0" }, { "status": "affected", "version": "3.4.0" }, { "status": "affected", "version": "3.5.0" } ] }, { "product": "TIBCO ActiveSpaces - Developer Edition", "vendor": "TIBCO Software Inc.", "versions": [ { "status": "affected", "version": "3.0.0" }, { "status": "affected", "version": "3.1.0" }, { "status": "affected", "version": "3.3.0" }, { "status": "affected", "version": "3.4.0" }, { "status": "affected", "version": "3.5.0" } ] }, { "product": "TIBCO ActiveSpaces - Enterprise Edition", "vendor": "TIBCO Software Inc.", "versions": [ { "status": "affected", "version": "3.0.0" }, { "status": "affected", "version": "3.1.0" }, { "status": "affected", "version": "3.2.0" }, { "status": "affected", "version": "3.3.0" }, { "status": "affected", "version": "3.4.0" }, { "status": "affected", "version": "3.5.0" } ] } ], "datePublic": "2018-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The administrative daemon (tibdgadmind) of TIBCO Software Inc.\u0027s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery 
(CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "In deployments that use the administrative daemon, there is a theoretical possibility that an attacker could gain full administrative access to the data grid, including the possibility of deleting data tables, and removing nodes from operation.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-09T10:57:01", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-activespaces" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.tibco.com/services/support/advisories" }, { "name": "105869", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105869" } ], "solutions": [ { "lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues. 
For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveSpaces - Community Edition versions 3.3.0, 3.4.0, and 3.5.0 update to version 3.5.1 or higher\nTIBCO ActiveSpaces - Developer Edition versions 3.0.0, 3.1.0, 3.3.0, 3.4.0, and 3.5.0 update to version 3.5.1 or higher\nTIBCO ActiveSpaces - Enterprise Edition versions 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, and 3.5.0 update to version 3.5.1 or higher." } ], "source": { "discovery": "INTERNAL" }, "title": "TIBCO ActiveSpaces Administrative Daemon Vulnerable to CSRF Attacks", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2018-11-06T17:00:00.000Z", "ID": "CVE-2018-12411", "STATE": "PUBLIC", "TITLE": "TIBCO ActiveSpaces Administrative Daemon Vulnerable to CSRF Attacks" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "TIBCO ActiveSpaces - Community Edition", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "3.3.0" }, { "affected": "=", "version_affected": "=", "version_value": "3.4.0" }, { "affected": "=", "version_affected": "=", "version_value": "3.5.0" } ] } }, { "product_name": "TIBCO ActiveSpaces - Developer Edition", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "3.0.0" }, { "affected": "=", "version_affected": "=", "version_value": "3.1.0" }, { "affected": "=", "version_affected": "=", "version_value": "3.3.0" }, { "affected": "=", "version_affected": "=", "version_value": "3.4.0" }, { "affected": "=", "version_affected": "=", "version_value": "3.5.0" } ] } }, { "product_name": "TIBCO ActiveSpaces - Enterprise Edition", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "3.0.0" }, { "affected": "=", "version_affected": "=", "version_value": "3.1.0" }, { "affected": "=", "version_affected": "=", "version_value": "3.2.0" }, { "affected": "=", "version_affected": "=", 
"version_value": "3.3.0" }, { "affected": "=", "version_affected": "=", "version_value": "3.4.0" }, { "affected": "=", "version_affected": "=", "version_value": "3.5.0" } ] } } ] }, "vendor_name": "TIBCO Software Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The administrative daemon (tibdgadmind) of TIBCO Software Inc.\u0027s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "In deployments that use the administrative daemon, there is a theoretical possibility that an attacker could gain full administrative access to the data grid, including the possibility of deleting data tables, and removing nodes from operation." 
} ] } ] }, "references": { "reference_data": [ { "name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-activespaces", "refsource": "CONFIRM", "url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-activespaces" }, { "name": "http://www.tibco.com/services/support/advisories", "refsource": "MISC", "url": "http://www.tibco.com/services/support/advisories" }, { "name": "105869", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105869" } ] }, "solution": [ { "lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveSpaces - Community Edition versions 3.3.0, 3.4.0, and 3.5.0 update to version 3.5.1 or higher\nTIBCO ActiveSpaces - Developer Edition versions 3.0.0, 3.1.0, 3.3.0, 3.4.0, and 3.5.0 update to version 3.5.1 or higher\nTIBCO ActiveSpaces - Enterprise Edition versions 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, and 3.5.0 update to version 3.5.1 or higher." } ], "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2018-12411", "datePublished": "2018-11-07T00:00:00Z", "dateReserved": "2018-06-14T00:00:00", "dateUpdated": "2024-09-16T18:03:18.833Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }