CVE-2018-12412

Summary

The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.0.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO FTL - Community Editionunspecified <= 5.4.0affected
TIBCO Software Inc.TIBCO FTL - Developer Editionunspecified <= 5.4.0affected
TIBCO Software Inc.TIBCO FTL - Enterprise Editionunspecified <= 5.4.0affected

Weaknesses

  • The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to realm configuration. With such access, the attacker might also be able to gain access to all data sent to endpoints controlled by the realm server.

ADP Enrichment

CVE Program Container

Additional References

References