CVE-2018-5432

Summary

The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO Administrator - Enterprise Editionunspecified <= 5.10.0affected
TIBCO Software Inc.TIBCO Administrator - Enterprise Edition for z/Linuxunspecified <= 5.9.1affected

Weaknesses

  • The impact of the vulnerability includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user. The impact also theoretically includes access to all administrative information, including deployment variable settings ("global variables")

ADP Enrichment

CVE Program Container

Additional References

References