CVE-2021-28827

Published Apr 20, 2021

Last updated a year ago

Overview

Description: The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent: versions 5.10.2 and below, TIBCO Runtime Agent: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent for z/Linux: versions 5.10.2 and below, and TIBCO Runtime Agent for z/Linux: versions 5.11.0 and 5.11.1.
Source: security@tibco.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.6
Impact score: 6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tibco:administrator:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCCCD52B-6905-41BD-83D9-A4B800E76BAB",
            "versionEndIncluding": "5.10.2"
          },
          {
            "criteria": "cpe:2.3:a:tibco:administrator:*:*:*:*:enterprise:silver_fabric:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF92E468-2FFA-4F3E-BC61-CFFC059627D9",
            "versionEndIncluding": "5.10.2"
          },
          {
            "criteria": "cpe:2.3:a:tibco:administrator:*:*:*:*:enterprise:z\\/linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA9D9C2C-1FCE-45E1-AB7A-9586C25A8969",
            "versionEndIncluding": "5.10.2"
          },
          {
            "criteria": "cpe:2.3:a:tibco:administrator:5.11.0:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9291FEA-0386-42EF-94A6-20E599171D4C"
          },
          {
            "criteria": "cpe:2.3:a:tibco:administrator:5.11.0:*:*:*:enterprise:silver_fabric:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF42B5B6-2CCD-4124-8DAB-252912F413A5"
          },
          {
            "criteria": "cpe:2.3:a:tibco:administrator:5.11.0:*:*:*:enterprise:z\\/linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9D79741-41D8-44E7-9CD7-D3DEFE98CF57"
          },
          {
            "criteria": "cpe:2.3:a:tibco:administrator:5.11.1:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE3C501F-2CEB-4300-9430-E2AB43009E74"
          },
          {
            "criteria": "cpe:2.3:a:tibco:administrator:5.11.1:*:*:*:enterprise:silver_fabric:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC01905D-D082-4EDF-BF82-FB69ED80664A"
          },
          {
            "criteria": "cpe:2.3:a:tibco:administrator:5.11.1:*:*:*:enterprise:z\\/linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC640410-CCFC-4B10-AF30-157F60ABF751"
          },
          {
            "criteria": "cpe:2.3:a:tibco:runtime_agent:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71C3F347-702D-4D65-BDCC-7AC931C6736C",
            "versionEndIncluding": "5.10.2"
          },
          {
            "criteria": "cpe:2.3:a:tibco:runtime_agent:*:*:*:*:*:z\\/linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCAFA333-6F13-48A0-8F08-4479AB3A9DDF",
            "versionEndIncluding": "5.10.2"
          },
          {
            "criteria": "cpe:2.3:a:tibco:runtime_agent:5.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC0EB030-30DA-47D4-B504-0D7C4BE71D26"
          },
          {
            "criteria": "cpe:2.3:a:tibco:runtime_agent:5.11.0:*:*:*:*:z\\/linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EA0CB29-1E8E-454A-9801-065543A1C772"
          },
          {
            "criteria": "cpe:2.3:a:tibco:runtime_agent:5.11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEC7BD88-60FE-4855-9E2C-D45E09E10C5A"
          },
          {
            "criteria": "cpe:2.3:a:tibco:runtime_agent:5.11.1:*:*:*:*:z\\/linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D588876-1E36-44BE-BFAC-76E1EDC7D771"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References