CVE-2018-5433

Опубликовано: 13 июн. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 6.8

EPSS Низкий

Описание

The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1.

Ссылки

http://www.securityfocus.com/bid/104451
Third Party Advisory
VDB Entry
https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5433
Vendor Advisory
http://www.securityfocus.com/bid/104451
Third Party Advisory
VDB Entry
https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5433
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tibco:administrator:*:*:*:*:enterprise:linux_kernel:*:*

Версия до 5.9.1 (включая)

cpe:2.3:a:tibco:administrator:*:*:*:*:enterprise:*:*:*

Версия до 5.10.0 (включая)

EPSS

Процентиль: 44%

0.0022

Низкий

6.5 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-vqp6-x5vh-r3f7