Description
The tibbr web server components of tibbr Community and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below, 6.0.0, 6.0.1, and 7.0.0; and tibbr Enterprise 5.2.1 and below, 6.0.0, 6.0.1, and 7.0.0.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://www.tibco.com/support/advisories/2017/12/tibco-security-advisory-december-12-2017-tibbr-2017-5530
Scores
CVSS v3
8.1
EPSS
0.0029
EPSS Percentile
52.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
Status
published
Products (12)
tibco/tibbr
6.0.0 (2 CPE variants)
tibco/tibbr
6.0.1 (2 CPE variants)
tibco/tibbr
7.0.0 (2 CPE variants)
tibco/tibbr
< 5.2.1 (2 CPE variants)
TIBCO Software Inc./tibbr Community
5.2.1 and below
TIBCO Software Inc./tibbr Community
6.0.0
TIBCO Software Inc./tibbr Community
6.0.1
TIBCO Software Inc./tibbr Community
7.0.0
TIBCO Software Inc./tibbr Enterprise
5.2.1 and below
TIBCO Software Inc./tibbr Enterprise
6.0.0
... and 2 more
Published
Dec 13, 2017
Tracked Since
Feb 18, 2026