CVE-2018-12413

Summary

The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition1.0.0affected
TIBCO Software Inc.TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition1.0.0affected

Weaknesses

  • The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to the configuration of message schemas used with an Apache Kafka deployment. With such access, the attacker could also configure Apache Kafka communications to fail.

ADP Enrichment

CVE Program Container

Additional References

References