CVE-2018-5433 — XML External Entity (XXE) Injection in Software INC Tibco Administrator Enterprise Edition

CWE-611 — XML External Entity (XXE) Injection3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 55.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Administrator Enterprise Edition Tibco Software INC Tibco Administrator Enterprise Edition FOR Z Linux Tibco Administrator

Timeline

PublishedJun 13

Latest updateMay 13

Description

The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5tibco_software_inc/tibco_administrator_enterprise_edition_for_z_linuxunspecified — 5.9.1

▶CVEListV5tibco_software_inc/tibco_administrator_enterprise_editionunspecified — 5.10.0

▶NVDtibco/administrator5.9.1+1

🔴Vulnerability Details

GHSA

GHSA-vqp6-x5vh-r3f7: The TIBCO Administrator server component of TIBCO Software Inc↗2022-05-13

▶

CVEList

XML eXternal Entity Expansion Vulnerabilities with TIBCO Administrator↗2018-06-13

▶