CVE-2022-30572 - Vulnerability Details - OpenCVE

The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains an easily exploitable Directory Traversal vulnerability that allows a low privileged attacker with network access to read arbitrary resources on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO iWay Service Manager: versions 8.0.6 and below.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00384.

Key SSVC decision points have not yet been added.

Vendors	Products
Tibco	Iway Service Manager

Configuration 1 [-]

cpe:2.3:a:tibco:iway_service_manager:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-52421	The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains an easily exploitable Directory Traversal vulnerability that allows a low privileged attacker with network access to read arbitrary resources on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO iWay Service Manager: versions 8.0.6 and below.

Fixes

Solution

TIBCO has released updated versions of the affected components which address these issues. TIBCO iWay Service Manager versions 8.0.6 and below: update to version 8.0.7 or later

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.tibco.com/services/support/advisories
https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30572

History

No history.

MITRE

Status: PUBLISHED

Assigner: tibco

Published: 2022-08-02T16:50:15.580152Z

Updated: 2024-09-17T02:47:18.987Z

Reserved: 2022-05-11T00:00:00

Link: CVE-2022-30572

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-02T17:15:10.923

Modified: 2024-11-21T07:02:57.320

Link: CVE-2022-30572

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "TIBCO iWay Service Manager", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "8.0.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-08-02T00:00:00", "descriptions": [{"lang": "en", "value": "The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains an easily exploitable Directory Traversal vulnerability that allows a low privileged attacker with network access to read arbitrary resources on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO iWay Service Manager: versions 8.0.6 and below."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Successful execution of this vulnerability can result in unauthorized read access of resources on the affected system.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-02T17:06:15", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30572"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO iWay Service Manager versions 8.0.6 and below: update to version 8.0.7 or later"}], "source": {"discovery": "Internal"}, "title": "TIBCO iWay Service Manager Directory Traversal Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2022-08-02T17:00:00Z", "ID": "CVE-2022-30572", "STATE": "PUBLIC", "TITLE": "TIBCO iWay Service Manager Directory Traversal Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO iWay Service Manager", "version": {"version_data": [{"version_affected": "<=", "version_value": "8.0.6"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains an easily exploitable Directory Traversal vulnerability that allows a low privileged attacker with network access to read arbitrary resources on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO iWay Service Manager: versions 8.0.6 and below."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Successful execution of this vulnerability can result in unauthorized read access of resources on the affected system."}]}]}, "references": {"reference_data": [{"name": "https://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "https://www.tibco.com/services/support/advisories"}, {"name": "https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30572", "refsource": "CONFIRM", "url": "https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30572"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO iWay Service Manager versions 8.0.6 and below: update to version 8.0.7 or later"}], "source": {"discovery": "Internal"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:56:12.712Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30572"}]}]}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2022-30572", "datePublished": "2022-08-02T16:50:15.580152Z", "dateReserved": "2022-05-11T00:00:00", "dateUpdated": "2024-09-17T02:47:18.987Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:iway_service_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DB2106B-9F3F-4410-99F7-AC0DB35B8733", "versionEndExcluding": "8.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains an easily exploitable Directory Traversal vulnerability that allows a low privileged attacker with network access to read arbitrary resources on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO iWay Service Manager: versions 8.0.6 and below."}, {"lang": "es", "value": "El componente iWay Service Manager Console de TIBCO Software Inc.'s TIBCO iWay Service Manager contiene una vulnerabilidad f\u00e1cilmente explotable de Salto de Directorio que permite a un atacante pocos privilegiado y acceso a la red leer recursos arbitrarios en el sistema afectado. Las versiones afectadas son TIBCO iWay Service Manager de TIBCO Software Inc.: versiones 8.0.6 y anteriores"}], "id": "CVE-2022-30572", "lastModified": "2024-11-21T07:02:57.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@tibco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-02T17:15:10.923", "references": [{"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/services/support/advisories"}, {"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30572"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/services/support/advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30572"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}