CVE-2019-11212 - OpenCVE

The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Tibco	Master Data Management

Configuration 1 [-]

OR	cpe:2.3:a:tibco:master_data_management::::::::
	cpe:2.3:a:tibco:master_data_management:9.1.0:::::::*

References

Link	Resource
http://www.tibco.com/services/support/advisories	Vendor Advisory
https://www.tibco.com/support/advisories/2019/10/tibco-security-advisory-october-8-2019-tibco-mdm	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: tibco

Published: 2019-10-08T00:00:00

Updated: 2019-10-09T14:15:45

Reserved: 2019-04-12T00:00:00

Link: CVE-2019-11212

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-10-09T16:15:14.123

Modified: 2019-10-10T12:38:45.240

Link: CVE-2019-11212

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "TIBCO MDM", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "9.0.1", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "9.1.0"}]}], "datePublic": "2019-10-08T00:00:00", "descriptions": [{"lang": "en", "value": "The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "The impact of these vulnerabilities includes the theoretical possibility that a non-administrative user could gain full administrative access to the web interface of the affected component.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-09T14:15:45", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tibco.com/support/advisories/2019/10/tibco-security-advisory-october-8-2019-tibco-mdm"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected systems which address these issues:\n\nTIBCO MDM versions 9.0.1 and below update to version 9.0.2 or higher.\nTIBCO MDM version 9.1.0 update to version 9.1.2 or higher."}], "source": {"discovery": "INTERNAL"}, "title": "TIBCO MDM Exposes Cross-Site Scripting Vulnerabilities", "x_generator": {"engine": "Vulnogram 0.0.8"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2019-10-08T16:00:00.000Z", "ID": "CVE-2019-11212", "STATE": "PUBLIC", "TITLE": "TIBCO MDM Exposes Cross-Site Scripting Vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO MDM", "version": {"version_data": [{"version_affected": "<=", "version_value": "9.0.1"}, {"version_affected": "=", "version_value": "9.1.0"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0."}]}, "generator": {"engine": "Vulnogram 0.0.8"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The impact of these vulnerabilities includes the theoretical possibility that a non-administrative user could gain full administrative access to the web interface of the affected component."}]}]}, "references": {"reference_data": [{"name": "http://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "http://www.tibco.com/services/support/advisories"}, {"name": "https://www.tibco.com/support/advisories/2019/10/tibco-security-advisory-october-8-2019-tibco-mdm", "refsource": "CONFIRM", "url": "https://www.tibco.com/support/advisories/2019/10/tibco-security-advisory-october-8-2019-tibco-mdm"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected systems which address these issues:\n\nTIBCO MDM versions 9.0.1 and below update to version 9.0.2 or higher.\nTIBCO MDM version 9.1.0 update to version 9.1.2 or higher."}], "source": {"discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2019-11212", "datePublished": "2019-10-08T00:00:00", "dateReserved": "2019-04-12T00:00:00", "dateUpdated": "2019-10-09T14:15:45", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:master_data_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "4950AAA7-5B46-4B25-99E4-31D6460C70FF", "versionEndIncluding": "9.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:master_data_management:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CAF9EAB6-E39B-4D8C-A56E-9826D2E49394", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0."}, {"lang": "es", "value": "El componente del servidor MDM del TIBCO MDM de TIBCO Software Inc contiene m\u00faltiples vulnerabilidades que te\u00f3ricamente permiten a un usuario autenticado con roles espec\u00edficos realizar ataques de scripting entre sitios (XSS). Este problema afecta a la versi\u00f3n 9.0.1 de TIBCO Software Inc. TIBCO MDM y versiones anteriores; versi\u00f3n 9.1.0."}], "id": "CVE-2019-11212", "lastModified": "2019-10-10T12:38:45.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 4.2, "source": "security@tibco.com", "type": "Secondary"}]}, "published": "2019-10-09T16:15:14.123", "references": [{"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "http://www.tibco.com/services/support/advisories"}, {"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2019/10/tibco-security-advisory-october-8-2019-tibco-mdm"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}