CVE-2017-5536
6.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Summary
The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO DataSynapse GridServer Manager | unspecified <= 5.1.3 | affected |
| TIBCO Software Inc. | TIBCO DataSynapse GridServer Manager | 6.0.0 | affected |
| TIBCO Software Inc. | TIBCO DataSynapse GridServer Manager | 6.0.1 | affected |
| TIBCO Software Inc. | TIBCO DataSynapse GridServer Manager | 6.0.2 | affected |
| TIBCO Software Inc. | TIBCO DataSynapse GridServer Manager | 6.1.0 | affected |
| TIBCO Software Inc. | TIBCO DataSynapse GridServer Manager | 6.1.1 | affected |
| TIBCO Software Inc. | TIBCO DataSynapse GridServer Manager | 6.2.0 | affected |
Weaknesses
- The impact of this vulnerability includes the possibility that a malicious actor could gain access to a more privileged account on the affected components or the information managed by those components.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.