Lucene search

[email protected]CVE-2017-5530

HistoryDec 13, 2017 - 2:29 a.m.

CVE-2017-5530

2017-12-1302:29:11

[email protected]

web.nvd.nist.gov

cve-2017-5530

tibbr

web server

saml

vulnerability

cybersecurity

nvd

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.6%

JSON

The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.

Affected configurations

NVD

Node

tibcotibbrRange≤5.2.1community

tibcotibbrMatch6.0.0community

tibcotibbrMatch6.0.1community

tibcotibbrMatch7.0.0community

Node

tibcotibbrRange≤5.2.1enterprise

tibcotibbrMatch6.0.0enterprise

tibcotibbrMatch6.0.1enterprise

tibcotibbrMatch7.0.0enterprise

CPENameOperatorVersion
tibco:tibbrtibco tibbrle5.2.1
tibco:tibbrtibco tibbreq6.0.0
tibco:tibbrtibco tibbreq6.0.1
tibco:tibbrtibco tibbreq7.0.0

CPE	Name	Operator	Version
tibco:tibbr	tibco tibbr	le	5.2.1
tibco:tibbr	tibco tibbr	eq	6.0.0
tibco:tibbr	tibco tibbr	eq	6.0.1
tibco:tibbr	tibco tibbr	eq	7.0.0

CNA Affected

[
  {
    "product": "tibbr Community",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.2.1 and below"
      },
      {
        "status": "affected",
        "version": "6.0.0"
      },
      {
        "status": "affected",
        "version": "6.0.1"
      },
      {
        "status": "affected",
        "version": "7.0.0"
      }
    ]
  },
  {
    "product": "tibbr Enterprise",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.2.1 and below"
      },
      {
        "status": "affected",
        "version": "6.0.0"
      },
      {
        "status": "affected",
        "version": "6.0.1"
      },
      {
        "status": "affected",
        "version": "7.0.0"
      }
    ]
  }
]

References

www.tibco.com/support/advisories/2017/12/tibco-security-advisory-december-12-2017-tibbr-2017-5530

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.6%

JSON

Related for CVE-2017-5530

nvd1 prion1 tibco2 cvelist1 openvas1