CVE-2017-5530
8.1
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TIBCO Software Inc. | tibbr Community | 5.2.1 and below | affected |
| TIBCO Software Inc. | tibbr Community | 6.0.0 | affected |
| TIBCO Software Inc. | tibbr Community | 6.0.1 | affected |
| TIBCO Software Inc. | tibbr Community | 7.0.0 | affected |
| TIBCO Software Inc. | tibbr Enterprise | 5.2.1 and below | affected |
| TIBCO Software Inc. | tibbr Enterprise | 6.0.0 | affected |
| TIBCO Software Inc. | tibbr Enterprise | 6.0.1 | affected |
| TIBCO Software Inc. | tibbr Enterprise | 7.0.0 | affected |
Weaknesses
- The impact of this vulnerability includes, for already authorized users, the theoretical escalation of privileges to those of any other user.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.