CVE-2018-12413
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition | 1.0.0 | affected |
| TIBCO Software Inc. | TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition | 1.0.0 | affected |
Weaknesses
- The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to the configuration of message schemas used with an Apache Kafka deployment. With such access, the attacker could also configure Apache Kafka communications to fail.
ADP Enrichment
CVE Program Container
Additional References
- http://www.tibco.com/services/support/advisories
- http://www.securityfocus.com/bid/105874
- https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository
References
- http://www.tibco.com/services/support/advisories
- http://www.securityfocus.com/bid/105874
- https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.