TibcoCVELIST:CVE-2018-12415CVE-2018-12415 TIBCO Enterprise Message Service Vulnerable to CSRF Attacks
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
59.1%
The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.
CNA Affected
[
{
"product": "TIBCO Enterprise Message Service",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.4.0 and previous"
}
]
},
{
"product": "TIBCO Enterprise Message Service - Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.4.0 and previous"
}
]
},
{
"product": "TIBCO Enterprise Message Service - Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.4.0 and previous"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
59.1%