Security Advisory regarding TIBCO FTL


Article ID: KB0108094


Products: TIBCO FTL
Versions: 5.4.0 and below

Description

TIBCO FTL - Realm Server Vulnerable to CSRF Attacks

  Original release date: November 6, 2018
  Last revised:
  Source: TIBCO Software Inc.

Description

  The component listed above contains a vulnerability which may allow an
  attacker to perform cross-site request forgery (CSRF) attacks.


Impact

  The impact of this vulnerability includes the theoretical possibility that
  an attacker could gain full access to the realm configuration. With such
  access, the attacker might also be able to gain access to all data sent to
  endpoints controlled by the realm server.

  CVSS v3 Base Score: 7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
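  The advisory does not describe the realm server's HTTP handling, so the
  following is an added illustration only, not TIBCO's code and not a
  description of the actual flaw. It shows the general shape of a CSRF
  weakness in a configuration interface: a handler that authorizes a
  state-changing request by session cookie alone accepts a forged cross-site
  POST, because the browser attaches the cookie anyway. The hardened check
  adds a same-origin test on the Origin/Referer header and a per-session
  synchronizer token compared in constant time. The host name, cookie name,
  form field names and session table are all constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical origin of a realm configuration interface (assumption).
TRUSTED_ORIGIN = "https://realm-admin.example.internal"

# Constructed session table: session cookie value -> per-session CSRF token.
SESSIONS = {
    "s3ss10n-abc": secrets.token_urlsafe(32),
}


def vulnerable_is_authorized(cookies, headers, form):
    """Cookie-only check. A forged cross-site POST carries the cookie too,
    so this accepts it just like a legitimate request."""
    return cookies.get("session") in SESSIONS


def _same_origin(headers):
    """Reject requests whose Origin (or, failing that, Referer) is not the
    configuration interface itself."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    p = urlsplit(src)
    return f"{p.scheme}://{p.netloc}" == TRUSTED_ORIGIN


def hardened_is_authorized(cookies, headers, form):
    """Session cookie + same-origin header + synchronizer token."""
    session = cookies.get("session")
    if session not in SESSIONS:
        return False
    if not _same_origin(headers):
        return False
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte.
    return hmac.compare_digest(SESSIONS[session], supplied)


def legitimate_request():
    """Constructed request an operator's browser sends from the admin UI."""
    return (
        {"session": "s3ss10n-abc"},
        {"Origin": TRUSTED_ORIGIN},
        {"action": "set-realm-config", "csrf_token": SESSIONS["s3ss10n-abc"]},
    )


def forged_request():
    """Constructed request auto-submitted by an attacker page the operator
    visited while logged in; the browser adds the session cookie itself."""
    return (
        {"session": "s3ss10n-abc"},
        {"Origin": "https://attacker.example"},
        {"action": "set-realm-config"},
    )


if __name__ == "__main__":
    for name, req in (("legitimate", legitimate_request()),
                      ("forged", forged_request())):
        print(name, "vulnerable:", vulnerable_is_authorized(*req),
              "hardened:", hardened_is_authorized(*req))
```

  The Origin check alone is not sufficient (older clients and some proxies
  strip it), and the token alone does not help if it leaks; a practitioner
  would deploy both, and additionally mark the session cookie SameSite so the
  browser withholds it from cross-site form posts in the first place.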

Environment

Systems Affected

  TIBCO FTL - Community Edition versions 5.4.0 and below
  TIBCO FTL - Developer Edition versions 5.4.0 and below
  TIBCO FTL - Enterprise Edition versions 5.4.0 and below

  The following components are affected:

  * realm server (tibrealmserver)

Resolution

Solution

  TIBCO has released updated versions of the affected components which address
  these issues.

  For each affected system, update to the corresponding software versions:

  TIBCO FTL - Community Edition versions 5.4.0 and below update to
    version 5.4.1 or higher

  TIBCO FTL - Developer Edition versions 5.4.0 and below update to
    version 5.4.1 or higher

  TIBCO FTL - Enterprise Edition versions 5.4.0 and below update to
    version 5.4.1 or higher


Additional Information

References

  http://www.tibco.com/services/support/advisories
  CVE-2018-12412