Security Advisory for TIBCO Administrator

Security Advisory for TIBCO Administrator

book

Article ID: KB0108105

calendar_today

Updated On:

Products Versions
TIBCO Administrator 5.10.0 and below

Description

Description

  The TIBCO Administrator component listed above contains multiple
  vulnerabilities wherein a malicious user could theoretically perform
  cross-site scripting (XSS) attacks by way of manipulating artifacts prior to
  uploading them.


Impact

  The impact of the vulnerability includes the theoretical possibility of a
  user performing operations using another user's access, including
  administrative functions being performed by a non-administrative user.
  The impact also theoretically includes access to all administrative
  information, including deployment variable settings ("global variables").

  CVSS v3 Base Score: 8.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

Environment

Systems Affected TIBCO Administrator - Enterprise Edition versions 5.10.0 and below TIBCO Administrator - Enterprise Edition for z/Linux versions 5.9.1 and below The following components are affected: * TIBCO Administrator server

Resolution

TIBCO has released updated versions of the affected components which address
  these issues.

  For each affected system, update to the corresponding software versions:

  TIBCO Administrator - Enterprise Edition versions 5.10.0 and below
    update to version 5.10.1 or higher

  TIBCO Administrator - Enterprise Edition for z/Linux versions 5.9.1
    and below update to version 5.10.1 or higher

 

Issue/Introduction

Security Advisory for TIBCO Administrator

Additional Information


Acknowledgments

  TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox
  for discovery of this vulnerability.


References

  http://www.tibco.com/services/support/advisories
  CVE: CVE-2018-5432
Powered by Wolken Software