Show plain JSON{"containers": {"cna": {"affected": [{"product": "TIBCO Data Virtualization", "vendor": "TIBCO Software Inc.", "versions": [{"status": "affected", "version": "7.0.5"}, {"status": "affected", "version": "7.0.6"}]}], "datePublic": "2018-06-20T00:00:00", "descriptions": [{"lang": "en", "value": "The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "The impact of the vulnerability includes the theoretical possibility of disclosing contents of files on the host machine that are accessible to the operating system account used to run the affected component.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-22T09:57:01", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization"}, {"name": "104518", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104518"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n* TIBCO Data Virtualization versions 7.0.5 and 7.0.6 update to version 7.0.7 or higher."}], "source": {"discovery": "USER"}, "title": "TIBCO Data Virtualization Command Injection Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2018-06-20T16:00:00.000Z", "ID": "CVE-2018-5428", "STATE": "PUBLIC", "TITLE": "TIBCO Data Virtualization Command Injection Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO Data Virtualization", "version": {"version_data": [{"affected": "=", "version_affected": "=", "version_value": "7.0.5"}, {"affected": "=", "version_affected": "=", "version_value": "7.0.6"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The impact of the vulnerability includes the theoretical possibility of disclosing contents of files on the host machine that are accessible to the operating system account used to run the affected component."}]}]}, "references": {"reference_data": [{"name": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization", "refsource": "CONFIRM", "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization"}, {"name": "104518", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104518"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n* TIBCO Data Virtualization versions 7.0.5 and 7.0.6 update to version 7.0.7 or higher."}], "source": {"discovery": "USER"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:33:44.342Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization"}, {"name": "104518", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104518"}]}]}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2018-5428", "datePublished": "2018-06-20T18:00:00Z", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-09-16T17:48:24.850Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}