CVE-2018-12415

Summary

The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO Enterprise Message Service8.4.0 and previousaffected
TIBCO Software Inc.TIBCO Enterprise Message Service - Community Edition8.4.0 and previousaffected
TIBCO Software Inc.TIBCO Enterprise Message Service - Developer Edition8.4.0 and previousaffected

Weaknesses

  • In deployments of TIBCO Enterprise Message Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS.

ADP Enrichment

CVE Program Container

Additional References

References