ByteOS Network

CVE Vulnerability Details :

CVE-2017-5534

PUBLISHED

More Info Official Page

Assigner-tibco

Assigner Org ID-4f830c72-39e4-45f6-a99f-78cc01ae04db

Published At-13 Dec, 2017 | 02:00

Updated At-16 Sep, 2024 | 22:30

▼CVE Numbering Authority (CNA)

Improper sandboxing of a third-party component in tibbr

The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.

Affected Products

Vendor

TIBCO (Cloud Software Group, Inc.)

Product

tibbr Community

Versions

Affected

5.2.1 and below
6.0.0
6.0.1
7.0.0

Vendor

TIBCO (Cloud Software Group, Inc.)

Product

tibbr Enterprise

Versions

Affected

5.2.1 and below
6.0.0
6.0.1
7.0.0

Problem Types

Type	CWE ID	Description
text	N/A	The impact of this vulnerability includes the ability to execute arbitrary code with the privileges of the user that invoked the tibbr server.

Metrics

Version	Base score	Base severity	Vector
3.0	8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Hyperlink	Resource
https://www.tibco.com/support/advisories/2017/12/tibco-security-advisory-december-12-2017-tibbr-2017-5534	x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.tibco.com/support/advisories/2017/12/tibco-security-advisory-december-12-2017-tibbr-2017-5534	x_refsource_CONFIRM x_transferred

Affected Products

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References