CVE-2018-12415
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Enterprise Message Service | 8.4.0 and previous | affected |
| TIBCO Software Inc. | TIBCO Enterprise Message Service - Community Edition | 8.4.0 and previous | affected |
| TIBCO Software Inc. | TIBCO Enterprise Message Service - Developer Edition | 8.4.0 and previous | affected |
Weaknesses
- In deployments of TIBCO Enterprise Message Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS.
ADP Enrichment
CVE Program Container
Additional References
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service
- http://www.securityfocus.com/bid/105850
References
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service
- http://www.securityfocus.com/bid/105850
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.