TIBCO DataSynapse GridServer Manager Component Vulnerable to Cross-Site Request Forgery
Article ID: KB0108091
Products: TIBCO DataSynapse GridServer
Versions: 5.2.0, 6.0.x, 6.1.x, 6.2.x, 6.3.0
Description
Original release date: November 13, 2018
Last revised: --
Source: TIBCO Software Inc.
The components listed above contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF).
Impact
The impact of this vulnerability includes the theoretical possibility that a malicious actor could gain full access to the web interface of the affected components.
CVSS v3 Base Score: 7.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H)
Environment
Systems Affected
* TIBCO DataSynapse GridServer Manager versions 5.2.0 and below
* TIBCO DataSynapse GridServer Manager versions 6.0.x, 6.1.x, 6.2.x, and 6.3.0
The following components are affected:
* GridServer Broker
* GridServer Director
Resolution
TIBCO has released updated versions of the affected components which address these issues.
For each affected system, update to the corresponding software versions:
* TIBCO DataSynapse GridServer Manager versions 5.2.0 and below: update to version 5.2.1 or higher
* TIBCO DataSynapse GridServer Manager versions 6.0.x, 6.1.x, 6.2.x, and 6.3.0: update to version 6.3.1 or higher