Original release date: November 6, 2018
Last revised:
Source: TIBCO Software Inc.
Description
The components listed under Systems Affected contain vulnerabilities that may allow an attacker to perform cross-site request forgery (CSRF) attacks.
Impact
The impact of these vulnerabilities includes the theoretical possibility of reconfiguring all messaging handled by TIBCO Rendezvous (RV). With such access, the attacker might also be able to gain access to all data sent via RV.
CVSS v3 Base Score: 7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Issue/Introduction
Security Advisory regarding TIBCO Rendezvous
Environment
Systems Affected
* TIBCO Rendezvous versions 8.4.5 and below
* TIBCO Rendezvous Developer Edition versions 8.4.5 and below
* TIBCO Rendezvous for z/Linux versions 8.4.5 and below
* TIBCO Rendezvous for z/OS versions 8.4.5 and below
* TIBCO Rendezvous Network Server versions 1.1.2 and below
* TIBCO Substation ES versions 2.12.0 and below
The following components are affected:
* Rendezvous Routing Daemon (rvrd)
* Rendezvous Secure Routing Daemon (rvrsd)
* Rendezvous Secure Daemon (rvsd)
* Rendezvous Cache (rvcache)
* Rendezvous Daemon Manager (rvdm)
Resolution
Solution
TIBCO has released updated versions of the affected components which address these issues.
For each affected system, update to the corresponding software versions:
* TIBCO Rendezvous versions 8.4.5 and below: update to version 8.4.6 or higher
* TIBCO Rendezvous Developer Edition versions 8.4.5 and below: update to version 8.4.6 or higher
* TIBCO Rendezvous for z/Linux versions 8.4.5 and below: update to version 8.4.6 or higher
* TIBCO Rendezvous for z/OS versions 8.4.5 and below: update to version 8.4.6 or higher
* TIBCO Rendezvous Network Server versions 1.1.2 and below: update to version 1.1.3 or higher
* TIBCO Substation ES versions 2.12.0 and below: update to version 2.12.1 or higher
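
Added example, not part of TIBCO's advisory: a triage check that applies the fixed versions from the Solution list to a software inventory, comparing versions numerically so that 8.4.10 is not mistaken for a release older than 8.4.6. The CSV layout, the host names and the `review` status are assumptions made for this illustration.

```python
import csv

# First fixed release per product, taken from the Solution list in this advisory.
FIXED_IN = {
    "TIBCO Rendezvous": "8.4.6",
    "TIBCO Rendezvous Developer Edition": "8.4.6",
    "TIBCO Rendezvous for z/Linux": "8.4.6",
    "TIBCO Rendezvous for z/OS": "8.4.6",
    "TIBCO Rendezvous Network Server": "1.1.3",
    "TIBCO Substation ES": "2.12.1",
}

def parse_version(text):
    """Turn '8.4.10' into (8, 4, 10) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def status(product, version):
    """Return 'update', 'ok', or 'review' (unknown product or odd version)."""
    fixed = FIXED_IN.get(product.strip())
    if fixed is None:
        return "review"
    try:
        installed = parse_version(version)
    except ValueError:
        return "review"  # e.g. a suffixed build string; needs a human look
    # Tuple comparison is element-wise, so (8, 4, 10) > (8, 4, 6) and (8, 4) < (8, 4, 6).
    return "update" if installed < parse_version(fixed) else "ok"

def triage(inventory_csv):
    """Map each host,product,version row to (host, product, version, status)."""
    rows = csv.DictReader(inventory_csv.splitlines())
    return [(r["host"], r["product"], r["version"],
             status(r["product"], r["version"])) for r in rows]

# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE = """host,product,version
bus-01,TIBCO Rendezvous,8.4.5
bus-02,TIBCO Rendezvous,8.4.10
mf-01,TIBCO Substation ES,2.12.0
rvns-01,TIBCO Rendezvous Network Server,1.1.3
lab-07,TIBCO Rendezvous Developer Edition,8.4.6-hotfix
"""

if __name__ == "__main__":
    for host, product, version, verdict in triage(SAMPLE):
        print(f"{host:8} {product:36} {version:13} {verdict}")
```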