CVE-2018-12411

Summary

The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO ActiveSpaces - Community Edition3.3.0affected
TIBCO Software Inc.TIBCO ActiveSpaces - Community Edition3.4.0affected
TIBCO Software Inc.TIBCO ActiveSpaces - Community Edition3.5.0affected
TIBCO Software Inc.TIBCO ActiveSpaces - Developer Edition3.0.0affected
TIBCO Software Inc.TIBCO ActiveSpaces - Developer Edition3.1.0affected
TIBCO Software Inc.TIBCO ActiveSpaces - Developer Edition3.3.0affected
TIBCO Software Inc.TIBCO ActiveSpaces - Developer Edition3.4.0affected
TIBCO Software Inc.TIBCO ActiveSpaces - Developer Edition3.5.0affected
TIBCO Software Inc.TIBCO ActiveSpaces - Enterprise Edition3.0.0affected
TIBCO Software Inc.TIBCO ActiveSpaces - Enterprise Edition3.1.0affected
TIBCO Software Inc.TIBCO ActiveSpaces - Enterprise Edition3.2.0affected
TIBCO Software Inc.TIBCO ActiveSpaces - Enterprise Edition3.3.0affected
TIBCO Software Inc.TIBCO ActiveSpaces - Enterprise Edition3.4.0affected
TIBCO Software Inc.TIBCO ActiveSpaces - Enterprise Edition3.5.0affected

Weaknesses

  • In deployments that use the administrative daemon, there is a theoretical possibility that an attacker could gain full administrative access to the data grid, including the possibility of deleting data tables, and removing nodes from operation.

ADP Enrichment

CVE Program Container

Additional References

References