CVE-2018-12416

Summary

The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO DataSynapse GridServer Managerunspecified <= 5.2.0affected
TIBCO Software Inc.TIBCO DataSynapse GridServer Manager6.0.0affected
TIBCO Software Inc.TIBCO DataSynapse GridServer Manager6.0.1affected
TIBCO Software Inc.TIBCO DataSynapse GridServer Manager6.0.2affected
TIBCO Software Inc.TIBCO DataSynapse GridServer Manager6.1.0affected
TIBCO Software Inc.TIBCO DataSynapse GridServer Manager6.1.1affected
TIBCO Software Inc.TIBCO DataSynapse GridServer Manager6.2.0affected
TIBCO Software Inc.TIBCO DataSynapse GridServer Manager6.3.0affected

Weaknesses

  • The impact of this vulnerability includes the theoretical possibility that a malicious actor could gain full access to the web interface of the affected components.

ADP Enrichment

CVE Program Container

Additional References

References