CVE-2018-5432 — Cross-site Scripting in Software INC Tibco Administrator Enterprise Edition

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA8.0

EPSS

0.2%

top 58.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Administrator Enterprise Edition Tibco Software INC Tibco Administrator Enterprise Edition FOR Z Linux Tibco Administrator

Timeline

PublishedJun 13

Latest updateMay 13

Description

The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Ent…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5tibco_software_inc/tibco_administrator_enterprise_edition_for_z_linuxunspecified — 5.9.1

▶CVEListV5tibco_software_inc/tibco_administrator_enterprise_editionunspecified — 5.10.0

▶NVDtibco/administrator5.9.1+1

🔴Vulnerability Details

GHSA

GHSA-p2w2-vmmj-vmv8: The TIBCO Administrator server component of of TIBCO Software Inc↗2022-05-13

▶

CVEList

TIBCO Administrator - Enterprise Edition Cross-Site Scripting Vulnerability↗2018-06-13

▶