Security Advisory regarding TIBCO Foresight Transaction Insight

Article ID: KB0108032

Products and Versions
TIBCO Foresight Transaction Insight: 5.1.0 and below, 5.2.0, Healthcare Edition 5.1.0 and 5.2.0
TIBCO Foresight Archive and Retrieval System: 5.1.0 and below, 5.2.0, Healthcare Edition 5.1.0 and 5.2.0

Description

TIBCO Foresight SQL Injection

  Original release date: October 20, 2020
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed under Systems Affected contains a vulnerability that
  theoretically allows an authenticated attacker to perform SQL injection.

Impact

  The impact of this vulnerability includes the theoretical possibility that
  an authenticated attacker could craft a SQL query that would allow the
  attacker to create records, and read, update or delete entries in a victim’s
  account.

  CVSS v3 Base Score: 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L)

Environment

Systems Affected

  TIBCO Foresight Archive and Retrieval System versions 5.1.0 and below
  TIBCO Foresight Archive and Retrieval System version 5.2.0
  TIBCO Foresight Archive and Retrieval System Healthcare Edition versions
    5.1.0 and below
  TIBCO Foresight Archive and Retrieval System Healthcare Edition version
    5.2.0
  TIBCO Foresight Operational Monitor versions 5.1.0 and below
  TIBCO Foresight Operational Monitor version 5.2.0
  TIBCO Foresight Operational Monitor Healthcare Edition versions 5.1.0 and
    below
  TIBCO Foresight Operational Monitor Healthcare Edition version 5.2.0
  TIBCO Foresight Transaction Insight versions 5.1.0 and below
  TIBCO Foresight Transaction Insight version 5.2.0
  TIBCO Foresight Transaction Insight Healthcare Edition versions 5.1.0 and
    below
  TIBCO Foresight Transaction Insight Healthcare Edition version 5.2.0

  The following component is affected:

  * Transaction Insight reporting

Resolution

Solution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO Foresight Archive and Retrieval System versions 5.1.0 and below update
    to version 5.1.1 or higher
  TIBCO Foresight Archive and Retrieval System version 5.2.0 update to version
    5.2.1 or higher

  TIBCO Foresight Archive and Retrieval System Healthcare Edition versions
    5.1.0 and below update to version 5.1.1 or higher
  TIBCO Foresight Archive and Retrieval System Healthcare Edition version
    5.2.0 update to version 5.2.1 or higher

  TIBCO Foresight Operational Monitor versions 5.1.0 and below update to
    version 5.1.1 or higher
  TIBCO Foresight Operational Monitor version 5.2.0 update to version 5.2.1 or
    higher

  TIBCO Foresight Operational Monitor Healthcare Edition versions 5.1.0 and
    below update to version 5.1.1 or higher
  TIBCO Foresight Operational Monitor Healthcare Edition version 5.2.0 update
    to version 5.2.1 or higher

  TIBCO Foresight Transaction Insight versions 5.1.0 and below update to
    version 5.1.1 or higher
  TIBCO Foresight Transaction Insight version 5.2.0 update to version 5.2.1 or
    higher

  TIBCO Foresight Transaction Insight Healthcare Edition versions 5.1.0 and
    below update to version 5.1.1 or higher
  TIBCO Foresight Transaction Insight Healthcare Edition version 5.2.0 update
    to version 5.2.1 or higher

Issue/Introduction

Security Advisory regarding TIBCO Foresight Transaction Insight SQL Injection

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE-2020-9417