Lucene search

TibcoCVELIST:CVE-2018-5428

HistoryJun 20, 2018 - 6:00 p.m.

CVE-2018-5428 TIBCO Data Virtualization Command Injection Vulnerability

2018-06-2018:00:00

tibco

www.cve.org

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6.

CNA Affected

[
  {
    "product": "TIBCO Data Virtualization",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.5"
      },
      {
        "status": "affected",
        "version": "7.0.6"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104518

www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Related for CVELIST:CVE-2018-5428