TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: June 12, 2018 - TIBCO Administrator - Enterprise Edition - 2018-5432
- TIBCO Administrator - Enterprise Edition versions 5.10.0 and below
- TIBCO Administrator - Enterprise Edition for z/Linux versions 5.9.1 and below
The following components are affected:
- TIBCO Administrator server
The TIBCO Administrator component listed above contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them.
The impact of the vulnerability includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user. The impact also theoretically includes access to all administrative information, including deployment variable settings ("global variables").
CVSS v3 Base Score: 8.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
TIBCO has released updated versions of the affected components which address these issues.
For each affected system, update to the corresponding software versions:
- TIBCO Administrator - Enterprise Edition versions 5.10.0 and below update to version 5.10.1 or higher
- TIBCO Administrator - Enterprise Edition for z/Linux versions 5.9.1 and below update to version 5.10.1 or higher
TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox for discovery of this vulnerability.