CVE-2017-5530 HIGH

CVE-2017-5530: SAML protocol handling errors in tibbr

Vendor Tibco Software Inc.

Product tibbr Community

Published December 13, 2017

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

8.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.

Key dates

02Disclosure timeline

December 13, 2017 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-5530

Identifiers

CVE CVE-2017-5530

CVSS 8.1 / HIGH

Affected versions

Vendor Tibco Software Inc.

Product tibbr Community

Affected 5.2.1 and below

Vendor Tibco Software Inc.

Product tibbr Community

Affected 6.0.0

Vendor Tibco Software Inc.

Product tibbr Community

Affected 6.0.1

Vendor Tibco Software Inc.

Product tibbr Community

Affected 7.0.0

Vendor Tibco Software Inc.

Product tibbr Enterprise

Affected 5.2.1 and below

Vendor Tibco Software Inc.

Product tibbr Enterprise

Affected 6.0.0

Vendor Tibco Software Inc.

Product tibbr Enterprise

Affected 6.0.1

Vendor Tibco Software Inc.

Product tibbr Enterprise

Affected 7.0.0