TIBCO DataSynapse GridServer Manager Component Vulnerable to Cross-Site Request Forgery

Article ID: KB0108091

Products: TIBCO DataSynapse GridServer
Versions: 5.2.0, 6.0.x, 6.1.x, 6.2.x, 6.3.0

Description

  Original release date: November 13, 2018
  Last revised: --
  Source: TIBCO Software Inc.

Description

  The components listed above contain vulnerabilities which may allow an
  unauthenticated user to perform cross-site request forgery (CSRF).


Impact

  The impact of this vulnerability includes the theoretical possibility that a
  malicious actor could gain full access to the web interface of the affected
  components.

  CVSS v3 Base Score: 7.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H)
 

Environment

  Systems Affected

  TIBCO DataSynapse GridServer Manager versions 5.2.0 and below
  TIBCO DataSynapse GridServer Manager versions 6.0.x, 6.1.x, 6.2.x, and 6.3.0

  The following components are affected:

    * GridServer Broker
    * GridServer Director

Resolution

  TIBCO has released updated versions of the affected components which address
  these issues.

  For each affected system, update to the corresponding software versions:

  TIBCO DataSynapse GridServer Manager versions 5.2.0 and below update to
    version 5.2.1 or higher

  TIBCO DataSynapse GridServer Manager versions 6.0.x, 6.1.x, 6.2.x, and 6.3.0
    update to version 6.3.1 or higher

Additional Information

 http://www.tibco.com/services/support/advisories
  CVE: CVE-2018-12416