CVE-2018-5434: XML External Entity (XXE) Injection in Software INC Tibco Runtime Agent

Severity
NVD: 6.5 MEDIUM
CNA: 5.8
EPSS
0.2%
top 55.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 13
Latest update: May 13

Description

The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 3 packages

CVEListV5 | tibco_software_inc/tibco_runtime_agent | unspecified | 5.10.0
NVD | tibco/runtime_agent | 5.9.1 | +1

🔴 Vulnerability Details (2)
GHSA
GHSA-cp2r-w5fv-px97: The TIBCO Designer component of TIBCO Software Inc (2022-05-13)
CVEList
XML eXternal Entity Expansion Vulnerabilities with TIBCO Runtime Agent (2018-06-13)