Improper sandboxing of a third-party component in tibbr
CVE-2017-5534

8.8HIGH

Key Information:

Vendor: Tibco
Status: Tibbr Community; Tibbr Enterprise
Vendor: CVE Published:; 13 December 2017

Summary

The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.

Affected Version(s)

tibbr Community 5.2.1 and below

tibbr Community 6.0.0

tibbr Community 6.0.1

References

https://www.tibco.com/support/advisories/2017/12/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2017
Vulnerability Reserved
Jan 19, 2017