TIBCO DataSynapse GridServer Manager Component Vulnerable to Cross-Site Request Forgery
Article ID: KB0108091
Updated On:
| Products | Versions |
|---|---|
| TIBCO DataSynapse GridServer | 5.2.0, 6.0.x, 6.1.x,6.2.x, 6.3.0 |
Description
Original release date: November 13, 2018
Last revised: --
Source: TIBCO Software Inc.
Description
The components listed above contain vulnerabilities which may allow an
unauthenticated user to perform cross-site request forgery (CSRF).
Impact
The impact of this vulnerability includes the theoretical possibility that a
malicious actor could gain full access to the web interface of the affected
components.
CVSS v3 Base Score: 7.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H)
Environment
Systems Affected
TIBCO DataSynapse GridServer Manager versions 5.2.0 and below
TIBCO DataSynapse GridServer Manager versions 6.0.x, 6.1.x, 6.2.x, and 6.3.0
The following components are affected:
* GridServer Broker
* GridServer Director
Resolution
TIBCO has released updated versions of the affected components which address
these issues.
For each affected system, update to the corresponding software versions:
TIBCO DataSynapse GridServer Manager versions 5.2.0 and below update to
version 5.2.1 or higher
TIBCO DataSynapse GridServer Manager versions 6.0.x, 6.1.x, 6.2.x, and 6.3.0
update to version 6.3.1 or higher
these issues.
For each affected system, update to the corresponding software versions:
TIBCO DataSynapse GridServer Manager versions 5.2.0 and below update to
version 5.2.1 or higher
TIBCO DataSynapse GridServer Manager versions 6.0.x, 6.1.x, 6.2.x, and 6.3.0
update to version 6.3.1 or higher
Issue/Introduction
TIBCO DataSynapse GridServer Manager Component Vulnerable to Cross-Site Request Forgery
Additional Information
http://www.tibco.com/services/support/advisories
CVE: CVE-2018-12416
CVE: CVE-2018-12416
Feedback
Yes
No
Powered by
