TIBCO DataSynapse GridServer Manager Component Vulnerable to Cross-Site Request Forgery
CVE-2018-12416
7.1HIGH
Key Information:
- Vendor
- Tibco
- Vendor
- CVE Published:
- 13 November 2018
Summary
The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0.
Affected Version(s)
TIBCO DataSynapse GridServer Manager <= 5.2.0
TIBCO DataSynapse GridServer Manager 6.0.0
TIBCO DataSynapse GridServer Manager 6.0.1
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved