{"containers": {"cna": {"affected": [{"product": "TIBCO DataSynapse GridServer Manager", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "5.1.3", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "6.0.1"}, {"status": "affected", "version": "6.0.2"}, {"status": "affected", "version": "6.1.0"}, {"status": "affected", "version": "6.1.1"}, {"status": "affected", "version": "6.2.0"}]}], "datePublic": "2018-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "The impact of this vulnerability includes the possibility that a malicious actor could gain access to a more privileged account on the affected components or the information managed by those components.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-01T17:57:01", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO DataSynapse GridServer Manager versions 5.1.3 and below update to version 5.2.0 or higher\nTIBCO DataSynapse GridServer Manager versions 6.0.0, 6.0.1, and 6.0.2 update to version 6.3.0 or higher\nTIBCO DataSynapse GridServer Manager versions 6.1.0, and 6.1.1 update to version 6.3.0 or higher\nTIBCO DataSynapse GridServer Manager version 6.2.0 update to version 6.3.0 or higher"}], "source": {"discovery": "UNKNOWN"}, "title": "TIBCO DataSynapse GridServer manager component vulnerable to cross-site scripting attacks", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2018-05-01T16:00:00.000Z", "ID": "CVE-2017-5536", "STATE": "PUBLIC", "TITLE": "TIBCO DataSynapse GridServer manager component vulnerable to cross-site scripting attacks"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO DataSynapse GridServer Manager", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "5.1.3"}, {"affected": "=", "version_affected": "=", "version_value": "6.0.0"}, {"affected": "=", "version_affected": "=", "version_value": "6.0.1"}, {"affected": "=", "version_affected": "=", "version_value": "6.0.2"}, {"affected": "=", "version_affected": "=", "version_value": "6.1.0"}, {"affected": "=", "version_affected": "=", "version_value": "6.1.1"}, {"affected": "=", "version_affected": "=", "version_value": "6.2.0"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The impact of this vulnerability includes the possibility that a malicious actor could gain access to a more privileged account on the affected components or the information managed by those components."}]}]}, "references": {"reference_data": [{"name": "https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536", "refsource": "CONFIRM", "url": "https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO DataSynapse GridServer Manager versions 5.1.3 and below update to version 5.2.0 or higher\nTIBCO DataSynapse GridServer Manager versions 6.0.0, 6.0.1, and 6.0.2 update to version 6.3.0 or higher\nTIBCO DataSynapse GridServer Manager versions 6.1.0, and 6.1.1 update to version 6.3.0 or higher\nTIBCO DataSynapse GridServer Manager version 6.2.0 update to version 6.3.0 or higher"}], "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:04:15.331Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536"}]}]}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2017-5536", "datePublished": "2018-05-01T18:00:00Z", "dateReserved": "2017-01-19T00:00:00", "dateUpdated": "2024-09-17T03:38:41.007Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:datasynapse_gridserver_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC2BAE6B-9ED9-42CE-99B3-9CDDF18E8017", "versionEndIncluding": "5.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "93EA58BA-253F-4B2F-9FDD-77D83D83B2B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "72D6224E-023B-4BE9-B0F6-C9E1E95C08FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "663D8FE4-19D8-4FD9-8507-4DB72E28DEE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9562E33D-669A-47DA-B7CA-DF92BEE85163", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "21BE8EAE-97FE-45F4-BE02-82836C5CB737", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:datasynapse_gridserver_manager:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "812E2864-CFEA-4FF6-AB37-00A10FD5047E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0."}, {"lang": "es", "value": "Los componentes GridServer Broker y GridServer Director en TIBCO DataSynapse GridServer Manager de TIBCO Software Inc. contienen vulnerabilidades que podr\u00edan permitir a un usuario autenticado realizar Cross-Site Scripting (XSS). Adem\u00e1s, un usuario autenticado podr\u00eda ser v\u00edctima de un ataque Cross-Site Request Forgery (CSRF). Las distribuciones afectadas de TIBCO DataSynapse GridServer Manager de TIBCO Software Inc. son: todas las versiones hasta la 5.1.3, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1 y 6.2.0."}], "id": "CVE-2017-5536", "lastModified": "2024-11-21T03:27:50.493", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 4.2, "source": "security@tibco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-01T18:29:00.540", "references": [{"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}