CVE-2020-9417
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Summary
The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. Affected releases are TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Archive and Retrieval System Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Transaction Insight: versions 5.1.0 and below, version 5.2.0, and TIBCO Foresight Transaction Insight Healthcare Edition: versions 5.1.0 and below, version 5.2.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Foresight Archive and Retrieval System | unspecified <= 5.1.0 | affected |
| TIBCO Software Inc. | TIBCO Foresight Archive and Retrieval System | 5.2.0 | affected |
| TIBCO Software Inc. | TIBCO Foresight Archive and Retrieval System Healthcare Edition | unspecified <= 5.1.0 | affected |
| TIBCO Software Inc. | TIBCO Foresight Archive and Retrieval System Healthcare Edition | 5.2.0 | affected |
| TIBCO Software Inc. | TIBCO Foresight Operational Monitor | unspecified <= 5.1.0 | affected |
| TIBCO Software Inc. | TIBCO Foresight Operational Monitor | 5.2.0 | affected |
| TIBCO Software Inc. | TIBCO Foresight Operational Monitor Healthcare Edition | unspecified <= 5.1.0 | affected |
| TIBCO Software Inc. | TIBCO Foresight Operational Monitor Healthcare Edition | 5.2.0 | affected |
| TIBCO Software Inc. | TIBCO Foresight Transaction Insight | unspecified <= 5.1.0 | affected |
| TIBCO Software Inc. | TIBCO Foresight Transaction Insight | 5.2.0 | affected |
| TIBCO Software Inc. | TIBCO Foresight Transaction Insight Healthcare Edition | unspecified <= 5.1.0 | affected |
| TIBCO Software Inc. | TIBCO Foresight Transaction Insight Healthcare Edition | 5.2.0 | affected |
Weaknesses
- The impact of these vulnerabilities includes the theoretical possibility that an authenticated attacker could craft a SQL query that would allow the attacker to create records, and read, update or delete entries in a victim’s account.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.