OpenCVE

The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tibco	Administrator

Configuration 1 [-]

OR	cpe:2.3:a:tibco:administrator:::::enterprise:linux_kernel::
	cpe:2.3:a:tibco:administrator:::::enterprise:::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/104458
https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432

History

No history.

MITRE

Status: PUBLISHED

Assigner: tibco

Published: 2018-06-13T13:00:00Z

Updated: 2024-09-17T02:05:57.067Z

Reserved: 2018-01-12T00:00:00

Link: CVE-2018-5432

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-06-13T13:29:00.420

Modified: 2024-11-21T04:08:47.450

Link: CVE-2018-5432

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "TIBCO Administrator - Enterprise Edition", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "5.10.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TIBCO Administrator - Enterprise Edition for z/Linux", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "5.9.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox for discovery of this vulnerability."}], "datePublic": "2018-06-12T00:00:00", "descriptions": [{"lang": "en", "value": "The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "The impact of the vulnerability includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user. The impact also theoretically includes access to all administrative information, including deployment variable settings (\"global variables\")", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-14T09:57:01", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"name": "104458", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104458"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nFor each affected system, update to the corresponding software versions:\nTIBCO Administrator - Enterprise Edition versions 5.10.0 and below update to version 5.10.1 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.9.1 and below update to version 5.10.1 or higher"}], "source": {"discovery": "EXTERNAL"}, "title": "TIBCO Administrator - Enterprise Edition Cross-Site Scripting Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2018-06-12T16:00:00.000Z", "ID": "CVE-2018-5432", "STATE": "PUBLIC", "TITLE": "TIBCO Administrator - Enterprise Edition Cross-Site Scripting Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO Administrator - Enterprise Edition", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "5.10.0"}]}}, {"product_name": "TIBCO Administrator - Enterprise Edition for z/Linux", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "5.9.1"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "credit": [{"lang": "eng", "value": "TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox for discovery of this vulnerability."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The impact of the vulnerability includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user. The impact also theoretically includes access to all administrative information, including deployment variable settings (\"global variables\")"}]}]}, "references": {"reference_data": [{"name": "104458", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104458"}, {"name": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432", "refsource": "CONFIRM", "url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nFor each affected system, update to the corresponding software versions:\nTIBCO Administrator - Enterprise Edition versions 5.10.0 and below update to version 5.10.1 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.9.1 and below update to version 5.10.1 or higher"}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:33:44.377Z"}, "title": "CVE Program Container", "references": [{"name": "104458", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104458"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432"}]}]}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2018-5432", "datePublished": "2018-06-13T13:00:00Z", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-09-17T02:05:57.067Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:administrator:*:*:*:*:enterprise:linux_kernel:*:*", "matchCriteriaId": "529B18F0-A49F-49E6-B572-59061C9A3A91", "versionEndIncluding": "5.9.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:administrator:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "07ABB1CE-5288-4A3C-B6E1-1ED0C379DCDC", "versionEndIncluding": "5.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1."}, {"lang": "es", "value": "El componente del servidor TIBCO Administrator de TIBCO Administrator - Enterprise Edition y TIBCO Administrator - Enterprise Edition para z/Linux, de TIBCO Software Inc., contiene m\u00faltiples vulnerabilidades por las que un usuario malicioso podr\u00eda, te\u00f3ricamente, realizar ataques de Cross-Site Scripting (XSS) manipulando artefactos antes de subirlos. Las versiones afectadas de los productos de TIBCO Software Inc. son TIBCO Administrator - Enterprise Edition: hasta e incluyendo la versi\u00f3n 5.10.0 y TIBCO Administrator - Enterprise Edition para z/Linux: hasta e incluyendo la versi\u00f3n 5.9.1."}], "id": "CVE-2018-5432", "lastModified": "2024-11-21T04:08:47.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "security@tibco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-13T13:29:00.420", "references": [{"source": "security@tibco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104458"}, {"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104458"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}