CVE-2018-12415 Vulnerability Details

  /     /     /  

CVE-2018-12415 Metadata Quick Info

CVE Published: 07/11/2018 | CVE Updated: 16/09/2024 | CVE Year: 2018
Source: tibco | Vendor: TIBCO Software Inc. | Product: TIBCO Enterprise Message Service
Status : PUBLISHED

---

CVE-2018-12415 Description

The Central Administration server (emsca) component of TIBCO Software Inc.\'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.\'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: In deployments of TIBCO Enterprise Message Service (EMS) that use the Central Administration server, the impact of this vulnerability includes the theoretical possibility of reconfiguring all EMS servers administered by the affected component. With such access, the attacker might also be able to gain access to all data sent via EMS.
Source: TIBCO Software Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).