CVE-2019-17339 - OpenCVE

The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Tibco	Silver Fabric

Configuration 1 [-]

cpe:2.3:a:tibco:silver_fabric:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.tibco.com/services/support/advisories	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: tibco

Published: 2020-08-11T00:00:00

Updated: 2020-08-11T19:30:14

Reserved: 2019-10-07T00:00:00

Link: CVE-2019-17339

JSON object: View

NVD Information

Status : Modified

Published: 2020-08-11T20:15:11.790

Modified: 2023-11-07T03:06:16.063

Link: CVE-2019-17339

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "TIBCO Silver Fabric", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "6.0.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-08-11T00:00:00", "descriptions": [{"lang": "en", "value": "The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-11T19:30:14", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.tibco.com/services/support/advisories"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Silver Fabric versions 6.0.0 and below update to version 6.0.1 or higher"}], "source": {"discovery": "USER"}, "title": "TIBCO Silver Fabric XSS vulerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2020-08-11T17:00:00Z", "ID": "CVE-2019-17339", "STATE": "PUBLIC", "TITLE": "TIBCO Silver Fabric XSS vulerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO Silver Fabric", "version": {"version_data": [{"version_affected": "<=", "version_value": "6.0.0"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute."}]}]}, "references": {"reference_data": [{"name": "http://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "http://www.tibco.com/services/support/advisories"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Silver Fabric versions 6.0.0 and below update to version 6.0.1 or higher"}], "source": {"discovery": "USER"}}}}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2019-17339", "datePublished": "2020-08-11T00:00:00", "dateReserved": "2019-10-07T00:00:00", "dateUpdated": "2020-08-11T19:30:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:silver_fabric:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BB297A2-4617-4B9D-9D09-E972FC00CD5A", "versionEndIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below."}, {"lang": "es", "value": "El componente VirtualRouter de TIBCO Silver Fabric de TIBCO Software Inc. contiene una vulnerabilidad que te\u00f3ricamente permite a un atacante inyectar scripts por medio de las URL. Te\u00f3ricamente, el atacante podr\u00eda dise\u00f1ar socialmente a un usuario autenticado para que env\u00ede la URL, ejecutando as\u00ed el script en el sistema afectado con los privilegios del usuario. Las versiones afectadas son TIBCO Silver Fabric de TIBCO Software Inc.: versiones 6.0.0 y anteriores"}], "id": "CVE-2019-17339", "lastModified": "2023-11-07T03:06:16.063", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "security@tibco.com", "type": "Secondary"}]}, "published": "2020-08-11T20:15:11.790", "references": [{"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "http://www.tibco.com/services/support/advisories"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}