TIBCO Rendezvous Vulnerable to CSRF Attacks
CVE-2018-12414

7.5HIGH

Key Information:

Vendor
Tibco
Status
Tibco Rendezvous
Tibco Rendezvous Developer Edition
Tibco Rendezvous For Z/linux
Tibco Rendezvous For Z/os
Vendor
CVE Published:
6 November 2018

Summary

The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2.

Affected Version(s)

TIBCO Rendezvous <= 8.4.5

TIBCO Rendezvous Developer Edition <= 8.4.5

TIBCO Rendezvous for z/Linux <= 8.4.5

References

http://www.securityfocus.com/bid/105871
vdb-entryx_refsource_BID
http://www.tibco.com/services/support/advisories
x_refsource_MISC
https://www.tibco.com/support/advisories/2018/11/tibco-se...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.