The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.0.
The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to realm configuration. With such access, the attacker might also be able to gain access to all data sent to endpoints controlled by the realm server.
Type: text
CWE ID: N/A
Description: The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to realm configuration. With such access, the attacker might also be able to gain access to all data sent to endpoints controlled by the realm server.
Metrics
Version
Base score
Base severity
Vector
3.0
7.5
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Version:3.0
Base score:7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:
TIBCO FTL - Community Edition versions 5.4.0 and below update to version 5.4.1 or higher
TIBCO FTL - Developer Edition versions 5.4.0 and below update to version 5.4.1 or higher
TIBCO FTL - Enterprise Edition versions 5.4.0 and below update to version 5.4.1 or higher.