TIBCO Data Virtualization Command Injection Vulnerability

Article ID: KB0108103

Product: TIBCO Data Virtualization
Versions: 7.0.5, 7.0.6

Description

  The component listed under Environment below contains vulnerabilities that
  may allow for arbitrary command execution.


Impact

  The impact of this vulnerability includes the theoretical ability to execute
  arbitrary code with the privileges of the user account of the Data
  Virtualization server.

  CVSS v3 Base Score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Issue/Introduction

TIBCO Data Virtualization Command Injection Vulnerability

Environment

Systems Affected

  TIBCO Data Virtualization (formerly Cisco Information Server) versions
  7.0.5 and 7.0.6

  The following components are affected:

  * Version control adapters

Resolution

Solution

  TIBCO has released updated versions of the affected components which address
  these issues.

  For each affected system, update to the corresponding software versions:

  TIBCO Data Virtualization versions 7.0.5 and 7.0.6: update to
    version 7.0.7 or higher.

Additional Information

 http://www.tibco.com/services/support/advisories
 CVE: CVE-2018-5428