Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2018-12413
PUBLISHED
More InfoOfficial Page
Assigner-tibco
Assigner Org ID-4f830c72-39e4-45f6-a99f-78cc01ae04db
View Known Exploited Vulnerability (KEV) details
Published At-07 Nov, 2018 | 00:00
Updated At-17 Sep, 2024 | 00:11
Rejected At-
▼CVE Numbering Authority (CNA)
TIBCO Messaging - Apache Kafka Distribution - Schema Repository Vulnerable to CSRF Attacks

The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0.

Affected Products
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO Software Inc.
Product
TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition
Versions
Affected
  • 1.0.0
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO Software Inc.
Product
TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition
Versions
Affected
  • 1.0.0
Problem Types
TypeCWE IDDescription
textN/AThe impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to the configuration of message schemas used with an Apache Kafka deployment. With such access, the attacker could also configure Apache Kafka communications to fail.
Metrics
VersionBase scoreBase severityVector
3.07.5HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions: TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition version 1.0.0 update to version 1.0.1 or higher TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition version 1.0.0 update to version 1.0.1 or higher.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.tibco.com/services/support/advisories
x_refsource_MISC
http://www.securityfocus.com/bid/105874
vdb-entry
x_refsource_BID
https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.tibco.com/services/support/advisories
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/105874
vdb-entry
x_refsource_BID
x_transferred
https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository
x_refsource_CONFIRM
x_transferred
Details not found