TibcoCVELIST:CVE-2017-5535CVE-2017-5535 TIBCO DataSynapse GridServer improper use of encryption
6.8 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.2%
The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities related to both the improper use of encryption mechanisms and the use of weak ciphers. A malicious actor could theoretically compromise the traffic between any of the components. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0.
CNA Affected
[
{
"product": "TIBCO DataSynapse GridServer Manager",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.1.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
}
]
}
]Related
6.8 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.2%