CVE-2017-5535 MEDIUM

CVE-2017-5535: TIBCO DataSynapse GridServer improper use of encryption

Vendor Tibco Software Inc.
Product TIBCO DataSynapse GridServer Manager
Published May 1, 2018
Last update September 17, 2024

CVSS base score

6.8/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities related to both the improper use of encryption mechanisms and the use of weak ciphers. A malicious actor could theoretically compromise the traffic between any of the components. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0.

Key dates

02Disclosure timeline

May 1, 2018 CVE published
September 17, 2024 Record updated