CVE-2018-12416: TIBCO DataSynapse GridServer Manager Component Vulnerable to Cross-Site Request Forgery
First published: Tue Nov 13 2018(Updated: )
The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0.
Credit: security@tibco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TIBCO DataSynapse GridServer Manager | <=5.2.0 | |
| TIBCO DataSynapse GridServer Manager | =6.0.0 | |
| TIBCO DataSynapse GridServer Manager | =6.0.1 | |
| TIBCO DataSynapse GridServer Manager | =6.0.2 | |
| TIBCO DataSynapse GridServer Manager | =6.1.0 | |
| TIBCO DataSynapse GridServer Manager | =6.1.1 | |
| TIBCO DataSynapse GridServer Manager | =6.2.0 | |
| TIBCO DataSynapse GridServer Manager | =6.3.0 |
Remedy
TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions: TIBCO DataSynapse GridServer Manager versions 5.2.0 and below update to version 5.2.1 or higher TIBCO DataSynapse GridServer Manager versions 6.0.x, 6.1.x, 6.2.x, and 6.3.0 update to version 6.3.1 or higher
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-12416?
CVE-2018-12416 has a Medium severity rating due to its potential for cross-site request forgery (CSRF) attacks.
How do I fix CVE-2018-12416?
To mitigate CVE-2018-12416, update TIBCO DataSynapse GridServer Manager to a patched version higher than 6.3.0.
Which versions of TIBCO DataSynapse GridServer Manager are affected by CVE-2018-12416?
CVE-2018-12416 affects TIBCO DataSynapse GridServer Manager versions up to and including 6.3.0.
What is the impact of CVE-2018-12416 if exploited?
If exploited, CVE-2018-12416 allows unauthenticated users to perform actions on behalf of legitimate users due to CSRF vulnerabilities.
Is there a workaround for CVE-2018-12416?
A workaround for CVE-2018-12416 includes implementing proper CSRF protection mechanisms until a software update can be applied.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/source
- vendor/tibco
- canonical/tibco datasynapse gridserver manager
- version/tibco datasynapse gridserver manager/5.2.0
- version/tibco datasynapse gridserver manager/6.0.0
- version/tibco datasynapse gridserver manager/6.0.1
- version/tibco datasynapse gridserver manager/6.0.2
- version/tibco datasynapse gridserver manager/6.1.0
- version/tibco datasynapse gridserver manager/6.1.1
- version/tibco datasynapse gridserver manager/6.2.0
- version/tibco datasynapse gridserver manager/6.3.0