Description
The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0.
References (2)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/105913
Vendor Advisory (x_refsource_confirm): https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-13-2018-tibco-datasynapse-gridserver-manager
Scores
CVSS v3: 7.1
EPSS: 0.0013
EPSS Percentile: 31.1%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
Details
CWE: CWE-352
Status: published
Products (8)
tibco/datasynapse_gridserver_manager 6.0.0
tibco/datasynapse_gridserver_manager 6.0.1
tibco/datasynapse_gridserver_manager 6.0.2
tibco/datasynapse_gridserver_manager 6.1.0
tibco/datasynapse_gridserver_manager 6.1.1
tibco/datasynapse_gridserver_manager 6.2.0
tibco/datasynapse_gridserver_manager 6.3.0
tibco/datasynapse_gridserver_manager < 5.2.0
Published: Nov 13, 2018
Tracked Since: Feb 18, 2026