← back
CVE-2017-5530

SAML protocol handling errors in tibbr

CVSS 8.1 HIGHEPSS 0.9%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.1EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 Dec 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected products
TIBCO Software Inc. · tibbr CommunityTIBCO Software Inc. · tibbr Enterprise

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.tibco.com/support/advisories/2017/12/tibco-security-advisory-december-12-2017-tibbr-2017-5530