CVE-2017-5536

Summary

The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO DataSynapse GridServer Managerunspecified <= 5.1.3affected
TIBCO Software Inc.TIBCO DataSynapse GridServer Manager6.0.0affected
TIBCO Software Inc.TIBCO DataSynapse GridServer Manager6.0.1affected
TIBCO Software Inc.TIBCO DataSynapse GridServer Manager6.0.2affected
TIBCO Software Inc.TIBCO DataSynapse GridServer Manager6.1.0affected
TIBCO Software Inc.TIBCO DataSynapse GridServer Manager6.1.1affected
TIBCO Software Inc.TIBCO DataSynapse GridServer Manager6.2.0affected

Weaknesses

  • The impact of this vulnerability includes the possibility that a malicious actor could gain access to a more privileged account on the affected components or the information managed by those components.

ADP Enrichment

CVE Program Container

Additional References

References