CVE-2018-12415 — Cross-Site Request Forgery in Enterprise Message Service

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

8.8HIGHNVD

CNA7.5

EPSS

0.1%

top 67.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Enterprise Message Service Tibco Software INC Tibco Enterprise Message Service Tibco Software INC Tibco Enterprise Message Service Community Edition +1 more

Timeline

PublishedNov 6

Latest updateMay 13

Description

The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5tibco_software_inc/tibco_enterprise_message_service_community_edition8.4.0 and previous

▶CVEListV5tibco_software_inc/tibco_enterprise_message_service_developer_edition8.4.0 and previous

▶CVEListV5tibco_software_inc/tibco_enterprise_message_service8.4.0 and previous

▶NVDtibco/enterprise_message_service8.4.0

🔴Vulnerability Details

GHSA

GHSA-wch7-4w8f-vg94: The Central Administration server (emsca) component of TIBCO Software Inc↗2022-05-13

▶

CVEList

TIBCO Enterprise Message Service Vulnerable to CSRF Attacks↗2018-11-07

▶