CVE-2018-12411
7.5
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO ActiveSpaces - Community Edition | 3.3.0 | affected |
| TIBCO Software Inc. | TIBCO ActiveSpaces - Community Edition | 3.4.0 | affected |
| TIBCO Software Inc. | TIBCO ActiveSpaces - Community Edition | 3.5.0 | affected |
| TIBCO Software Inc. | TIBCO ActiveSpaces - Developer Edition | 3.0.0 | affected |
| TIBCO Software Inc. | TIBCO ActiveSpaces - Developer Edition | 3.1.0 | affected |
| TIBCO Software Inc. | TIBCO ActiveSpaces - Developer Edition | 3.3.0 | affected |
| TIBCO Software Inc. | TIBCO ActiveSpaces - Developer Edition | 3.4.0 | affected |
| TIBCO Software Inc. | TIBCO ActiveSpaces - Developer Edition | 3.5.0 | affected |
| TIBCO Software Inc. | TIBCO ActiveSpaces - Enterprise Edition | 3.0.0 | affected |
| TIBCO Software Inc. | TIBCO ActiveSpaces - Enterprise Edition | 3.1.0 | affected |
| TIBCO Software Inc. | TIBCO ActiveSpaces - Enterprise Edition | 3.2.0 | affected |
| TIBCO Software Inc. | TIBCO ActiveSpaces - Enterprise Edition | 3.3.0 | affected |
| TIBCO Software Inc. | TIBCO ActiveSpaces - Enterprise Edition | 3.4.0 | affected |
| TIBCO Software Inc. | TIBCO ActiveSpaces - Enterprise Edition | 3.5.0 | affected |
Weaknesses
- In deployments that use the administrative daemon, there is a theoretical possibility that an attacker could gain full administrative access to the data grid, including the possibility of deleting data tables, and removing nodes from operation.
ADP Enrichment
CVE Program Container
Additional References
- https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-activespaces
- http://www.tibco.com/services/support/advisories
- http://www.securityfocus.com/bid/105869
References
- https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-activespaces
- http://www.tibco.com/services/support/advisories
- http://www.securityfocus.com/bid/105869
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.