CVE-2017-5536 (GCVE-0-2017-5536)
Vulnerability from cvelistv5 – Published: 2018-05-01 18:00 – Updated: 2024-09-17 03:38
VLAI
EPSS
VEX
Title
TIBCO DataSynapse GridServer manager component vulnerable to cross-site scripting attacks
Summary
The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0.
Severity
6.3 (Medium)
CWE
- The impact of this vulnerability includes the possibility that a malicious actor could gain access to a more privileged account on the affected components or the information managed by those components.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.tibco.com/support/advisories/2018/05/… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO DataSynapse GridServer Manager |
Affected:
unspecified , ≤ 5.1.3
(custom)
Affected: 6.0.0 Affected: 6.0.1 Affected: 6.0.2 Affected: 6.1.0 Affected: 6.1.1 Affected: 6.2.0 |
Date Public
2018-05-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO DataSynapse GridServer Manager",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.1.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
}
]
}
],
"datePublic": "2018-05-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.\u0027s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility that a malicious actor could gain access to a more privileged account on the affected components or the information managed by those components.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-01T17:57:01.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO DataSynapse GridServer Manager versions 5.1.3 and below update to version 5.2.0 or higher\nTIBCO DataSynapse GridServer Manager versions 6.0.0, 6.0.1, and 6.0.2 update to version 6.3.0 or higher\nTIBCO DataSynapse GridServer Manager versions 6.1.0, and 6.1.1 update to version 6.3.0 or higher\nTIBCO DataSynapse GridServer Manager version 6.2.0 update to version 6.3.0 or higher"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TIBCO DataSynapse GridServer manager component vulnerable to cross-site scripting attacks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-05-01T16:00:00.000Z",
"ID": "CVE-2017-5536",
"STATE": "PUBLIC",
"TITLE": "TIBCO DataSynapse GridServer manager component vulnerable to cross-site scripting attacks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO DataSynapse GridServer Manager",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "5.1.3"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.0.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.0.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.0.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.1.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.1.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.2.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.\u0027s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility that a malicious actor could gain access to a more privileged account on the affected components or the information managed by those components."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO DataSynapse GridServer Manager versions 5.1.3 and below update to version 5.2.0 or higher\nTIBCO DataSynapse GridServer Manager versions 6.0.0, 6.0.1, and 6.0.2 update to version 6.3.0 or higher\nTIBCO DataSynapse GridServer Manager versions 6.1.0, and 6.1.1 update to version 6.3.0 or higher\nTIBCO DataSynapse GridServer Manager version 6.2.0 update to version 6.3.0 or higher"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2017-5536",
"datePublished": "2018-05-01T18:00:00.000Z",
"dateReserved": "2017-01-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:38:41.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-5536",
"date": "2026-07-17",
"epss": "0.00676",
"percentile": "0.48132"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tibco:datasynapse_gridserver_manager:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.1.3\", \"matchCriteriaId\": \"CC2BAE6B-9ED9-42CE-99B3-9CDDF18E8017\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93EA58BA-253F-4B2F-9FDD-77D83D83B2B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72D6224E-023B-4BE9-B0F6-C9E1E95C08FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"663D8FE4-19D8-4FD9-8507-4DB72E28DEE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9562E33D-669A-47DA-B7CA-DF92BEE85163\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21BE8EAE-97FE-45F4-BE02-82836C5CB737\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"812E2864-CFEA-4FF6-AB37-00A10FD5047E\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.\u0027s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0.\"}, {\"lang\": \"es\", \"value\": \"Los componentes GridServer Broker y GridServer Director en TIBCO DataSynapse GridServer Manager de TIBCO Software Inc. contienen vulnerabilidades que podr\\u00edan permitir a un usuario autenticado realizar Cross-Site Scripting (XSS). Adem\\u00e1s, un usuario autenticado podr\\u00eda ser v\\u00edctima de un ataque Cross-Site Request Forgery (CSRF). Las distribuciones afectadas de TIBCO DataSynapse GridServer Manager de TIBCO Software Inc. son: todas las versiones hasta la 5.1.3, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1 y 6.2.0.\"}]",
"id": "CVE-2017-5536",
"lastModified": "2024-11-21T03:27:50.493",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"security@tibco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 4.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2018-05-01T18:29:00.540",
"references": "[{\"url\": \"https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536\", \"source\": \"security@tibco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-5536\",\"sourceIdentifier\":\"security@tibco.com\",\"published\":\"2018-05-01T18:29:00.540\",\"lastModified\":\"2024-11-21T03:27:50.493\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.\u0027s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0.\"},{\"lang\":\"es\",\"value\":\"Los componentes GridServer Broker y GridServer Director en TIBCO DataSynapse GridServer Manager de TIBCO Software Inc. contienen vulnerabilidades que podr\u00edan permitir a un usuario autenticado realizar Cross-Site Scripting (XSS). Adem\u00e1s, un usuario autenticado podr\u00eda ser v\u00edctima de un ataque Cross-Site Request Forgery (CSRF). Las distribuciones afectadas de TIBCO DataSynapse GridServer Manager de TIBCO Software Inc. son: todas las versiones hasta la 5.1.3, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1 y 6.2.0.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security@tibco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:datasynapse_gridserver_manager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1.3\",\"matchCriteriaId\":\"CC2BAE6B-9ED9-42CE-99B3-9CDDF18E8017\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93EA58BA-253F-4B2F-9FDD-77D83D83B2B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72D6224E-023B-4BE9-B0F6-C9E1E95C08FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"663D8FE4-19D8-4FD9-8507-4DB72E28DEE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9562E33D-669A-47DA-B7CA-DF92BEE85163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21BE8EAE-97FE-45F4-BE02-82836C5CB737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"812E2864-CFEA-4FF6-AB37-00A10FD5047E\"}]}]}],\"references\":[{\"url\":\"https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536\",\"source\":\"security@tibco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…