Security Advisory for TIBCO tibbr Community and Enterprise
Article ID: KB0108114
Products: tibbr Community
Versions: 5.2.1 and below, 6.0.0, 6.0.1, 7.0.0
Description
SAML protocol handling errors in tibbr
Original release date: December 12, 2017
Last revised: --
Source: TIBCO Software Inc.
Description
The tibbr components listed above contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges.
Impact
The impact of this vulnerability includes, for already authorized users, the theoretical escalation of privileges to those of any other user.
CVSS v3 Base Score: 8.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
Environment
Systems Affected
tibbr Community versions 5.2.1 and below
tibbr Community versions 6.0.0 and 6.0.1
tibbr Community version 7.0.0
tibbr Enterprise versions 5.2.1 and below
tibbr Enterprise versions 6.0.0 and 6.0.1
tibbr Enterprise version 7.0.0
The following components are affected:
* tibbr web server
Resolution
Solution
TIBCO has released updated versions of the affected components which address these issues.
For each affected system, update to the corresponding software versions:
For tibbr Community:
* versions 5.2.1 and below, upgrade to version 5.2.2 or higher
* versions 6.0.X, upgrade to version 6.0.2 or higher
* version 7.0.0, upgrade to version 7.0.1 or higher
For tibbr Enterprise:
* versions 5.2.1 and below, upgrade to version 5.2.2 or higher
* versions 6.0.X, upgrade to version 6.0.2 or higher
* version 7.0.0, upgrade to version 7.0.1 or higher