CVE-2017-5530

Summary

The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.tibbr Community5.2.1 and belowaffected
TIBCO Software Inc.tibbr Community6.0.0affected
TIBCO Software Inc.tibbr Community6.0.1affected
TIBCO Software Inc.tibbr Community7.0.0affected
TIBCO Software Inc.tibbr Enterprise5.2.1 and belowaffected
TIBCO Software Inc.tibbr Enterprise6.0.0affected
TIBCO Software Inc.tibbr Enterprise6.0.1affected
TIBCO Software Inc.tibbr Enterprise7.0.0affected

Weaknesses

  • The impact of this vulnerability includes, for already authorized users, the theoretical escalation of privileges to those of any other user.

ADP Enrichment

CVE Program Container

Additional References

References