TIBCO Rendezvous CVE-2018-12414 Multiple Cross Site Request Forgery Vulnerabilities

Info
| Bugtraq ID: | 105871 |
| Class: | Input Validation Error |
| CVE: | CVE-2018-12414 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 06 2018 12:00AM |
| Updated: | Nov 06 2018 12:00AM |
| Credit: | The vendor reported this issue. |

Vulnerable:
- TIBCO Substation ES 2.12, 2.11.1, 2.11, 2.10, 2.9, 2.8.1, 2.8
- TIBCO Rendezvous Network Server 1.1.2, 1.1.1, 1.1
- TIBCO Rendezvous for z/OS 8.4.5, 8.4.4, 8.0
- TIBCO Rendezvous for z/Linux 8.4.5, 8.4.4, 8.0
- TIBCO Rendezvous Developer Edition 8.4.5, 8.4.4, 8.0
- TIBCO Rendezvous 8.4.5, 8.4.4, 8.4.3, 8.4.2, 8.4.1, 8.3.1, 8.3, 8.2.9, 8.2.8, 8.2.7, 8.2.6, 8.2.5, 8.2.4, 8.2.3, 8.2.2, 8.2.1, 8.0.1, 8.0

Not Vulnerable:
- TIBCO Substation ES 2.12.1
- TIBCO Rendezvous Network Server 1.1.3
- TIBCO Rendezvous for z/OS 8.4.6
- TIBCO Rendezvous for z/Linux 8.4.6
- TIBCO Rendezvous Developer Edition 8.4.6
- TIBCO Rendezvous 8.4.6
Discussion
TIBCO Rendezvous is prone to multiple cross-site request-forgery vulnerabilities because the application fails to properly validate HTTP requests: state-changing requests are accepted without verifying that the authenticated user actually intended to issue them.
Exploiting these issues may allow a remote attacker to perform certain unauthorized actions in the context of a victim's authenticated session and gain access to the affected application. Other attacks are also possible.
The following versions are affected:
- TIBCO Rendezvous 8.4.5 and prior
- TIBCO Rendezvous Developer Edition 8.4.5 and prior
- TIBCO Rendezvous for z/Linux 8.4.5 and prior
- TIBCO Rendezvous for z/OS 8.4.5 and prior
- TIBCO Rendezvous Network Server 1.1.2 and prior
- TIBCO Substation ES 2.12.0 and prior
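The failure the advisory describes is a state-changing HTTP request honoured on the strength of the victim's session cookie alone. The following is an added illustration of that weak pattern next to a hardened check (POST only, Origin/Referer allow-list, per-session synchronizer token); it is example code, not TIBCO's, and the host name, action name and request shape are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Origins from which the admin interface legitimately serves its own forms
# (constructed placeholder; not a real TIBCO host name).
ALLOWED_ORIGINS = {"https://rv-admin.example.internal"}


def issue_csrf_token(session):
    """Bind a fresh random token to the user's server-side session."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def vulnerable_allows(request):
    """Advisory pattern: any request with a valid session is acted on,
    even a GET the browser issued because the user followed a link."""
    return request["session"] is not None


def hardened_allows(request):
    """Accept a state-changing request only if it is a POST from an
    allowed origin carrying the token bound to the caller's session."""
    session = request["session"]
    if session is None or request["method"] != "POST":
        return False
    origin = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not origin:
        return False  # no source information at all: refuse rather than guess
    parts = urlsplit(origin)
    if f"{parts.scheme}://{parts.netloc}" not in ALLOWED_ORIGINS:
        return False
    expected = session.get("csrf_token", "")
    submitted = request["form"].get("csrf_token", "")
    # constant-time comparison; an unset or empty token is never accepted
    return bool(expected) and hmac.compare_digest(expected, submitted)


def demo():
    """Constructed requests: the victim's session, a legitimate form
    submission, and a forged GET triggered from an attacker-controlled page.
    The action name "shutdown" is an assumed placeholder."""
    session = {}
    token = issue_csrf_token(session)
    legit = {"method": "POST", "session": session,
             "headers": {"Origin": "https://rv-admin.example.internal"},
             "form": {"action": "shutdown", "csrf_token": token}}
    forged = {"method": "GET", "session": session,  # browser still sends the cookie
              "headers": {"Referer": "https://attacker.example/lure.html"},
              "form": {"action": "shutdown"}}
    return {"vuln_forged": vulnerable_allows(forged),
            "hard_forged": hardened_allows(forged),
            "hard_legit": hardened_allows(legit)}
```

A real deployment would also set the session cookie with `SameSite` and keep the token out of URLs so it does not leak via Referer.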
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Vendor updates are available. Please see the references for more information.
References
References:
- TIBCO Homepage (TIBCO)
- TIBCO Rendezvous Vulnerable to CSRF Attacks (TIBCO)