Lucene search

[email protected]CVE-2018-12413

HistoryNov 06, 2018 - 11:29 p.m.

CVE-2018-12413

2018-11-0623:29:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2018-12413

tibco software

apache kafka

schema repository

csrf

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0.

Affected configurations

NVD

Node

tibcomessaging_-_apache_kafka_distribution_-_schema_repositoryMatch1.0.0community

tibcomessaging_-_apache_kafka_distribution_-_schema_repositoryMatch1.0.0enterprise

CPENameOperatorVersion
tibco:messaging_-_apache_kafka_distribution_-_schema_repositorytibco messaging - apache kafka distribution - schema repositoryeq1.0.0

CPE	Name	Operator	Version
tibco:messaging_-_apache_kafka_distribution_-_schema_repository	tibco messaging - apache kafka distribution - schema repository	eq	1.0.0

CNA Affected

[
  {
    "product": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0"
      }
    ]
  },
  {
    "product": "TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105874

www.tibco.com/services/support/advisories

www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

Related for CVE-2018-12413

prion1 nvd1 cvelist1 tibco2