Security Advisory for TIBCO DataSynapse GridServer - Cross-site scripting


Article ID: KB0108106


Products Versions
TIBCO DataSynapse GridServer Manager 5.1.3 and below, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0

Description

TIBCO DataSynapse GridServer manager component vulnerable to cross-site
  scripting attacks

  Original release date: May 1, 2018
  Last revised: --
  Source: TIBCO Software Inc.

Description

  The components listed above contain vulnerabilities which may allow an
  authenticated user to perform cross-site scripting (XSS). In addition,
  an authenticated user could be a victim of a cross-site request forgery
  (CSRF) attack.


Impact

  The impact of this vulnerability includes the possibility that a malicious
  actor could gain access to a more privileged account on the affected
  components or the information managed by those components.

  CVSS v3 Base Score: 6.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)

 

Issue/Introduction

TIBCO DataSynapse GridServer manager component vulnerable to cross-site scripting attacks

Environment

Systems Affected

  TIBCO DataSynapse GridServer Manager versions 5.1.3 and below
  TIBCO DataSynapse GridServer Manager versions 6.0.0, 6.0.1, and 6.0.2
  TIBCO DataSynapse GridServer Manager versions 6.1.0 and 6.1.1
  TIBCO DataSynapse GridServer Manager version 6.2.0

  The following components are affected:

    * GridServer Broker
    * GridServer Director

Resolution

Solution

  TIBCO has released updated versions of the affected components which address
  these issues.

  For each affected system, update to the corresponding software versions:

  TIBCO DataSynapse GridServer Manager versions 5.1.3 and below update to
    version 5.2.0 or higher

  TIBCO DataSynapse GridServer Manager versions 6.0.0, 6.0.1, and 6.0.2
    update to version 6.3.0 or higher

  TIBCO DataSynapse GridServer Manager versions 6.1.0 and 6.1.1
    update to version 6.3.0 or higher

  TIBCO DataSynapse GridServer Manager version 6.2.0
    update to version 6.3.0 or higher
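
The version-to-fix mapping in the Solution above, applied to a host inventory. This is an added example, not TIBCO's code: the function names are hypothetical, the inventory and host names are constructed, and a two-part version such as 6.1 is assumed to mean 6.1.0.

```python
import re

# Fixed releases and affected 6.x versions, as stated in the advisory.
FIX_5X = (5, 2, 0)
FIX_6X = (6, 3, 0)
AFFECTED_6X = {(6, 0, 0), (6, 0, 1), (6, 0, 2), (6, 1, 0), (6, 1, 1), (6, 2, 0)}


def parse_version(text):
    """Return (major, minor, patch), or None if text is not N.N or N.N.N.
    Assumption: a missing patch component means 0 (6.1 is read as 6.1.0)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())


def triage(version_text):
    """Classify one GridServer Manager version: (status, upgrade target)."""
    v = parse_version(version_text)
    if v is None:
        return ("unparseable", None)
    if v <= (5, 1, 3):
        return ("affected", "5.2.0")
    if v in AFFECTED_6X:
        return ("affected", "6.3.0")
    if (v[0] == 5 and v >= FIX_5X) or v >= FIX_6X:
        return ("fixed", None)
    # Versions the advisory does not name (for example a 5.1.x above 5.1.3):
    # report them for manual review instead of guessing.
    return ("not-listed", None)


def report(inventory):
    """Return (host, version, status, target) for hosts that need action."""
    rows = []
    for host, version in inventory:
        status, target = triage(version)
        if status != "fixed":
            rows.append((host, version, status, target))
    return rows


# Constructed inventory; host names are placeholders.
SAMPLE_INVENTORY = [("broker-01", "6.1.1"), ("director-01", "6.3.0"),
                    ("broker-02", "5.1.3"), ("broker-03", "6.2.1"),
                    ("director-02", "unknown")]

if __name__ == "__main__":
    for row in report(SAMPLE_INVENTORY):
        print(*row)
```

Hosts reported as not-listed or unparseable need a manual check against the vendor's release information, since the advisory does not state their status.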

Additional Information

 http://www.tibco.com/services/support/advisories
  CVE: CVE-2017-5536