{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1137", "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "state": "PUBLISHED", "assignerShortName": "tibco", "dateReserved": "2024-01-31T20:34:27.115Z", "datePublished": "2024-03-12T17:31:19.481Z", "dateUpdated": "2024-10-31T14:50:46.546Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "TIBCO ActiveSpaces - Enterprise Edition", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "4.9.0", "status": "affected", "version": "4.4.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0.</p>"}], "value": "The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "This impact of this vulnerability includes the theoretical possibility of bypassing table access controls. The attacker cannot actively make queries, but may observe the results of queries by other clients, even though the attacker does not have permission to access that data.", "lang": "en"}]}], "providerMetadata": {"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco", "dateUpdated": "2024-03-12T17:31:19.481Z"}, "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-activespaces-cve-2024-1137-r208/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>TIBCO has released updated versions of the affected components which address these issues.</p><p>TIBCO ActiveSpaces - Enterprise Edition versions 4.4.0 through 4.9.0: update to version 4.9.1 or later</p>"}], "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO ActiveSpaces - Enterprise Edition versions 4.4.0 through 4.9.0: update to version 4.9.1 or later\n\n"}], "title": "TIBCO ActiveSpaces Information Leak Vulnerability"}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-862", "lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-13T15:02:45.990494Z", "id": "CVE-2024-1137", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-31T14:50:46.546Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.510Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-activespaces-cve-2024-1137-r208/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1137", "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "state": "PUBLISHED", "assignerShortName": "tibco", "dateReserved": "2024-01-31T20:34:27.115Z", "datePublished": "2024-03-12T17:31:19.481Z", "dateUpdated": "2024-10-31T14:50:46.546Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "TIBCO ActiveSpaces - Enterprise Edition", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "4.9.0", "status": "affected", "version": "4.4.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0.</p>"}], "value": "The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "This impact of this vulnerability includes the theoretical possibility of bypassing table access controls. The attacker cannot actively make queries, but may observe the results of queries by other clients, even though the attacker does not have permission to access that data.", "lang": "en"}]}], "providerMetadata": {"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco", "dateUpdated": "2024-03-12T17:31:19.481Z"}, "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-activespaces-cve-2024-1137-r208/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>TIBCO has released updated versions of the affected components which address these issues.</p><p>TIBCO ActiveSpaces - Enterprise Edition versions 4.4.0 through 4.9.0: update to version 4.9.1 or later</p>"}], "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO ActiveSpaces - Enterprise Edition versions 4.4.0 through 4.9.0: update to version 4.9.1 or later\n\n"}], "title": "TIBCO ActiveSpaces Information Leak Vulnerability"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.510Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-activespaces-cve-2024-1137-r208/", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1137", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-13T15:02:45.990494Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:17.328Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0.\n\n"}, {"lang": "es", "value": "Los componentes Proxy y Cliente de TIBCO ActiveSpaces - Enterprise Edition de TIBCO Software Inc. contienen una vulnerabilidad que, en teor\u00eda, permite a un cliente de Active Spaces observar pasivamente el tr\u00e1fico de datos hacia otros clientes. Las versiones afectadas son TIBCO ActiveSpaces - Enterprise Edition de TIBCO Software Inc.: versiones 4.4.0 a 4.9.0."}], "id": "CVE-2024-1137", "lastModified": "2024-10-31T15:35:20.503", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@tibco.com", "type": "Secondary"}]}, "published": "2024-03-12T18:15:07.110", "references": [{"source": "security@tibco.com", "url": "https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-activespaces-cve-2024-1137-r208/"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}