CVE Vulnerability Details :
CVE-2019-8991
PUBLISHED
Assigner-tibco
Assigner Org ID-4f830c72-39e4-45f6-a99f-78cc01ae04db
Published At-24 Apr, 2019 | 20:20
Updated At-16 Sep, 2024 | 18:39
Rejected At-
▼CVE Numbering Authority (CNA)
TIBCO Active Matrix Service Grid Administrator With Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities

The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.

Affected Products

Vendor: TIBCO (Cloud Software Group, Inc.) / TIBCO Software Inc.
Product: TIBCO ActiveMatrix BPM
Versions affected:
  • From unspecified through 4.2.0 (custom)

Vendor: TIBCO (Cloud Software Group, Inc.) / TIBCO Software Inc.
Product: TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric
Versions affected:
  • From unspecified through 4.2.0 (custom)

Vendor: TIBCO (Cloud Software Group, Inc.) / TIBCO Software Inc.
Product: TIBCO ActiveMatrix Policy Director
Versions affected:
  • From unspecified through 1.1.0 (custom)

Vendor: TIBCO (Cloud Software Group, Inc.) / TIBCO Software Inc.
Product: TIBCO ActiveMatrix Service Bus
Versions affected:
  • From unspecified through 3.3.0 (custom)

Vendor: TIBCO (Cloud Software Group, Inc.) / TIBCO Software Inc.
Product: TIBCO ActiveMatrix Service Grid
Versions affected:
  • From unspecified through 3.3.1 (custom)

Vendor: TIBCO (Cloud Software Group, Inc.) / TIBCO Software Inc.
Product: TIBCO Silver Fabric Enabler for ActiveMatrix BPM
Versions affected:
  • From unspecified through 1.4.1 (custom)

Vendor: TIBCO (Cloud Software Group, Inc.) / TIBCO Software Inc.
Product: TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid
Versions affected:
  • From unspecified through 1.3.1 (custom)

Problem Types
Type: text
CWE ID: N/A
Description: The impact of these vulnerabilities includes the theoretical possibility that an unprivileged remote attacker could gain full access to all the capabilities of the web interface of the TIBCO ActiveMatrix Administrator.

Metrics
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Solutions

TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:
  • TIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0 or higher
  • TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher
  • TIBCO ActiveMatrix Policy Director versions 1.1.0 and below update to version 2.0.0 or higher. Due to the scheduled retirement of this product in early 2021, customers are strongly encouraged to contact TIBCO Support in order to explore alternative paths for remediation.
  • TIBCO ActiveMatrix Service Bus versions 3.3.0 and below update to TIBCO ActiveMatrix Service Grid version 3.4.0 or higher (product functionality has been consolidated)
  • TIBCO ActiveMatrix Service Grid versions 3.3.1 and below update to version 3.4.0 or higher
  • TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions 3.3.0 and below update to version 3.4.0 or higher
  • TIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher
  • TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions 1.3.1 and below update to version 1.3.2 or higher

Credits

TIBCO would like to extend its appreciation to Giulio Comi and Flavio Baldassi of Horizon Security for discovery of these vulnerabilities.

References
  • http://www.tibco.com/services/support/advisories (x_refsource_MISC)
  • https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8991 (x_refsource_MISC)
  • http://www.securityfocus.com/bid/108059 (vdb-entry, x_refsource_BID)

▼Authorized Data Publishers (ADP)
CVE Program Container
References
  • http://www.tibco.com/services/support/advisories (x_refsource_MISC, x_transferred)
  • https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8991 (x_refsource_MISC, x_transferred)
  • http://www.securityfocus.com/bid/108059 (vdb-entry, x_refsource_BID, x_transferred)