Security Advisory regarding TIBCO Enterprise Message Service

Article ID: KB0108096

Product: TIBCO Enterprise Message Service
Versions: 8.4.0 and below

Description

TIBCO Enterprise Messaging Service Vulnerable to CSRF Attacks

  Original release date: November 6, 2018
  Last revised:
  Source: TIBCO Software Inc.

Description

  The component listed above contains a vulnerability which may allow an
  attacker to perform cross-site request forgery (CSRF) attacks.


Impact

  In deployments of TIBCO Enterprise Messaging Service (EMS) that use the
  Central Administration server, the impact of this vulnerability includes the
  theoretical possibility of reconfiguring all EMS servers administered by the
  affected component. With such access, the attacker might also be able to gain
  access to all data sent via EMS.

  CVSS v3 Base Score: 7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

Environment

Systems Affected

  TIBCO Enterprise Messaging Service versions 8.4.0 and below
  TIBCO Enterprise Messaging Service - Community Edition versions 8.4.0 and below
  TIBCO Enterprise Messaging Service - Developer Edition versions 8.4.0 and below

  The following components are affected:

    * Central Administration server (emsca)

Resolution

Solution

  TIBCO has released updated versions of the affected components which address
  these issues.

  For each affected system, update to the corresponding software versions:

  TIBCO Enterprise Messaging Service versions 8.4.0 and below
    update to version 8.4.1 or higher

  TIBCO Enterprise Messaging Service - Community Edition
    versions 8.4.0 and below update to version 8.4.1 or higher

  TIBCO Enterprise Messaging Service - Developer Edition
    versions 8.4.0 and below update to version 8.4.1 or higher

Additional Information

References

  http://www.tibco.com/services/support/advisories
  CVE-2018-12415