TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: November 13, 2018 - TIBCO DataSynapse GridServer Manager
TIBCO DataSynapse GridServer Manager Component Vulnerable to Cross-Site Request Forgery
Original release date: November 13, 2018
Source: TIBCO Software Inc.
The following versions are affected:
- TIBCO DataSynapse GridServer Manager versions 5.2.0 and below
- TIBCO DataSynapse GridServer Manager versions 6.0.x, 6.1.x, 6.2.x, and 6.3.0
The following components are affected:
- GridServer Broker
- GridServer Director
The components listed above contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF).
The impact of this vulnerability includes the theoretical possibility that a malicious actor could gain full access to the web interface of the affected components.
CVSS v3 Base Score: 7.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H)
TIBCO has released updated versions of the affected components which address these issues.
For each affected system, update to the corresponding software versions:
- TIBCO DataSynapse GridServer Manager versions 5.2.0 and below: update to version 5.2.1 or higher
- TIBCO DataSynapse GridServer Manager versions 6.0.x, 6.1.x, 6.2.x, and 6.3.0: update to version 6.3.1 or higher
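The following is an added example, not part of TIBCO's advisory: a triage script that sorts an inventory of GridServer Manager installations into the affected ranges listed above and reports the minimum fixed version for each. The host names and inventory are constructed sample data, and the "review" status for builds that fall between an affected release and its fixed release (for example a four-part hotfix number) is an assumption, since the advisory does not mention such builds.

```python
import re

def parse_version(text):
    """Parse '6.3.0' or '6.2.1.4' into a 4-tuple of ints; None if malformed."""
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text.strip()):
        return None
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (4 - len(parts))  # pad so tuples compare evenly

def classify(version_text):
    """Return (status, minimum_fixed_version) per the advisory's ranges."""
    v = parse_version(version_text)
    if v is None:
        return ("unparsed", None)
    if v <= (5, 2, 0, 0):
        return ("affected", "5.2.1")
    if v < (5, 2, 1, 0):
        return ("review", "5.2.1")   # assumption: build between 5.2.0 and 5.2.1
    if v < (6, 0, 0, 0):
        return ("not listed", None)  # 5.2.1 or higher on the 5.x line
    if v <= (6, 3, 0, 0):
        return ("affected", "6.3.1")
    if v < (6, 3, 1, 0):
        return ("review", "6.3.1")   # assumption: build between 6.3.0 and 6.3.1
    return ("not listed", None)      # 6.3.1 or higher

# Constructed inventory: host names and versions are sample data.
INVENTORY = [
    ("gs-director-01", "5.1.3"),
    ("gs-broker-01", "5.2.1"),
    ("gs-broker-02", "6.2.0"),
    ("gs-director-02", "6.3.0"),
    ("gs-broker-03", "6.3.0.2"),
    ("gs-broker-04", "6.3.1"),
    ("gs-broker-05", "unknown"),
]

def triage(inventory):
    """Map each host needing attention to (version, status, fixed version)."""
    report = {}
    for host, version in inventory:
        status, fix = classify(version)
        if status != "not listed":
            report[host] = (version, status, fix)
    return report

if __name__ == "__main__":
    for host, (version, status, fix) in triage(INVENTORY).items():
        action = f"update to {fix} or higher" if fix else "check version manually"
        print(f"{host:15} {version:8} {status:9} {action}")
```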