CVE-2021-28828 — SQL Injection in Software INC Tibco Administrator Enterprise Edition

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGHNVD

CNA7.6

EPSS

0.4%

top 40.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Administrator Enterprise Edition Tibco Software INC Tibco Administrator Enterprise Edition Distribution FOR Tibco Silver Fabric Tibco Software INC Tibco Administrator Enterprise Edition FOR Z Linux +1 more

Timeline

PublishedApr 20

Latest updateMay 24

Description

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with n…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5tibco_software_inc/tibco_administrator_enterprise_edition_distribution_for_tibco_silver_fabricunspecified — 5.10.2+2

▶CVEListV5tibco_software_inc/tibco_administrator_enterprise_edition_for_z_linuxunspecified — 5.10.2+2

▶CVEListV5tibco_software_inc/tibco_administrator_enterprise_editionunspecified — 5.10.2+2

▶NVDtibco/administrator5.10.2+2

🔴Vulnerability Details

GHSA

GHSA-9w8v-6c84-7rq3: The Administration GUI component of TIBCO Software Inc↗2022-05-24

▶

CVEList

TIBCO Administrator SQL injection vulnerability↗2021-04-20

▶