Lucene search

TibcoCVELIST:CVE-2018-5428

HistoryJun 20, 2018 - 12:00 a.m.

CVE-2018-5428 TIBCO Data Virtualization Command Injection Vulnerability

2018-06-2000:00:00

tibco

www.cve.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6.

CNA Affected

[
  {
    "product": "TIBCO Data Virtualization",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.5"
      },
      {
        "status": "affected",
        "version": "7.0.6"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104518

www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

Related for CVELIST:CVE-2018-5428