CVE-2018-12416 HIGH

CVE-2018-12416: TIBCO DataSynapse GridServer Manager Component Vulnerable to Cross-Site Request Forgery

Vendor Tibco Software Inc.
Product TIBCO DataSynapse GridServer Manager
Published November 13, 2018
Last update September 16, 2024

CVSS base score

7.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0.

Key dates

02Disclosure timeline

November 13, 2018 CVE published
September 16, 2024 Record updated