Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-12411

Опубликовано: 06 нояб. 2018
Источник: nvd
CVSS3: 7.5
CVSS3: 8.8
CVSS2: 6.8
EPSS Низкий

Описание

The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tibco:activespaces:3.0.0:*:*:*:developer:*:*:*
cpe:2.3:a:tibco:activespaces:3.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:tibco:activespaces:3.1.0:*:*:*:developer:*:*:*
cpe:2.3:a:tibco:activespaces:3.1.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:tibco:activespaces:3.2.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:tibco:activespaces:3.3.0:*:*:*:community:*:*:*
cpe:2.3:a:tibco:activespaces:3.3.0:*:*:*:developer:*:*:*
cpe:2.3:a:tibco:activespaces:3.3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:tibco:activespaces:3.4.0:*:*:*:community:*:*:*
cpe:2.3:a:tibco:activespaces:3.4.0:*:*:*:developer:*:*:*
cpe:2.3:a:tibco:activespaces:3.4.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:tibco:activespaces:3.5.0:*:*:*:community:*:*:*
cpe:2.3:a:tibco:activespaces:3.5.0:*:*:*:developer:*:*:*
cpe:2.3:a:tibco:activespaces:3.5.0:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 37%
0.00159
Низкий

7.5 High

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

github логотип

GHSA-m992-6j3x-j2mh

CVSS3: 8.8
github
больше 3 лет назад

The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0.

EPSS

Процентиль: 37%
0.00159
Низкий

7.5 High

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352