CVE-2017-5534 HIGH

CVE-2017-5534: Improper sandboxing of a third-party component in tibbr

Vendor Tibco Software Inc.

Product tibbr Community

Published December 13, 2017

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.

Key dates

02Disclosure timeline

December 13, 2017 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-5534

Identifiers

CVE CVE-2017-5534

CVSS 8.8 / HIGH

Affected versions

Vendor Tibco Software Inc.

Product tibbr Community

Affected 5.2.1 and below

Vendor Tibco Software Inc.

Product tibbr Community

Affected 6.0.0

Vendor Tibco Software Inc.

Product tibbr Community

Affected 6.0.1

Vendor Tibco Software Inc.

Product tibbr Community

Affected 7.0.0

Vendor Tibco Software Inc.

Product tibbr Enterprise

Affected 5.2.1 and below

Vendor Tibco Software Inc.

Product tibbr Enterprise

Affected 6.0.0

Vendor Tibco Software Inc.

Product tibbr Enterprise

Affected 6.0.1

Vendor Tibco Software Inc.

Product tibbr Enterprise

Affected 7.0.0