CVE-2017-5536
MEDIUMTIBCO DataSynapse GridServer Manager <= 5.1.3 - Authenticated Cross-Site Scripting
Title source: llmDescription
The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536
Scores
CVSS v3
6.3
EPSS
0.0020
EPSS Percentile
41.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (7)
tibco/datasynapse_gridserver_manager
6.0.0
tibco/datasynapse_gridserver_manager
6.0.1
tibco/datasynapse_gridserver_manager
6.0.2
tibco/datasynapse_gridserver_manager
6.1.0
tibco/datasynapse_gridserver_manager
6.1.1
tibco/datasynapse_gridserver_manager
6.2.0
tibco/datasynapse_gridserver_manager
< 5.1.3
Published
May 01, 2018
Tracked Since
Feb 18, 2026