CVE-2018-12415: TIBCO Enterprise Message Service Vulnerable to CSRF Attacks
First published: Tue Nov 06 2018(Updated: )
The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.
Credit: security@tibco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TIBCO Enterprise Message Service | <=8.4.0 |
Remedy
TIBCO has released updated versions of the affected components which address these issues. TIBCO Enterprise Message Service versions 8.4.0 and below update to version 8.4.1 or higher TIBCO Enterprise Message Service - Community Edition versions 8.4.0 and below update to version 8.4.1 or higher TIBCO Enterprise Message Service - Developer Edition versions 8.4.0 and below update to version 8.4.1 or higher
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/remedy
- agent/references
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/tibco
- canonical/tibco enterprise message service
- version/tibco enterprise message service/8.4.0