Lucene search

[email protected]CVE-2024-1137

HistoryMar 12, 2024 - 6:15 p.m.

CVE-2024-1137

2024-03-1218:15:07

[email protected]

web.nvd.nist.gov

tibco

activespaces

enterprise edition

proxy

client

vulnerability

cve-2024-1137

data traffic

security

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "TIBCO ActiveSpaces - Enterprise Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "4.9.0",
        "status": "affected",
        "version": "4.4.0",
        "versionType": "semver"
      }
    ]
  }
]

References

community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-activespaces-cve-2024-1137-r208/

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-1137

cvelist1 tibco2 prion1 nvd1