CVE-2018-5434 MEDIUM

CVE-2018-5434: XML eXternal Entity Expansion Vulnerabilities with TIBCO Runtime Agent

Vendor Tibco Software Inc.
Product TIBCO Runtime Agent
Published June 13, 2018
Last update September 16, 2024

CVSS base score

5.8/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1.

Key dates

02Disclosure timeline

June 13, 2018 CVE published
September 16, 2024 Record updated