CVE-2021-28829
Published Apr 20, 2021
Last updated a year ago
Overview
- Description
- The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a persistent CSV injection attack from the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1.
- Source
- security@tibco.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8
- Impact score
- 5.9
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-74
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:administrator:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCCCD52B-6905-41BD-83D9-A4B800E76BAB",
"versionEndIncluding": "5.10.2"
},
{
"criteria": "cpe:2.3:a:tibco:administrator:*:*:*:*:enterprise:silver_fabric:*:*",
"vulnerable": true,
"matchCriteriaId": "CF92E468-2FFA-4F3E-BC61-CFFC059627D9",
"versionEndIncluding": "5.10.2"
},
{
"criteria": "cpe:2.3:a:tibco:administrator:*:*:*:*:enterprise:z\\/linux:*:*",
"vulnerable": true,
"matchCriteriaId": "DA9D9C2C-1FCE-45E1-AB7A-9586C25A8969",
"versionEndIncluding": "5.10.2"
},
{
"criteria": "cpe:2.3:a:tibco:administrator:5.11.0:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9291FEA-0386-42EF-94A6-20E599171D4C"
},
{
"criteria": "cpe:2.3:a:tibco:administrator:5.11.0:*:*:*:enterprise:silver_fabric:*:*",
"vulnerable": true,
"matchCriteriaId": "EF42B5B6-2CCD-4124-8DAB-252912F413A5"
},
{
"criteria": "cpe:2.3:a:tibco:administrator:5.11.0:*:*:*:enterprise:z\\/linux:*:*",
"vulnerable": true,
"matchCriteriaId": "A9D79741-41D8-44E7-9CD7-D3DEFE98CF57"
},
{
"criteria": "cpe:2.3:a:tibco:administrator:5.11.1:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE3C501F-2CEB-4300-9430-E2AB43009E74"
},
{
"criteria": "cpe:2.3:a:tibco:administrator:5.11.1:*:*:*:enterprise:silver_fabric:*:*",
"vulnerable": true,
"matchCriteriaId": "CC01905D-D082-4EDF-BF82-FB69ED80664A"
},
{
"criteria": "cpe:2.3:a:tibco:administrator:5.11.1:*:*:*:enterprise:z\\/linux:*:*",
"vulnerable": true,
"matchCriteriaId": "CC640410-CCFC-4B10-AF30-157F60ABF751"
}
],
"operator": "OR"
}
]
}
]