TIBCO Formvine vulnerability

2012.10.26

Credit: Tibco

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2012-5302

CWE: N/A

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

TIBCO Formvine vulnerability
Original release date: Oct 23, 2012
Last revised: --
Source: TIBCO Software Inc.
Systems Affected
TIBCO Formvine versions 3.1.0 through 3.2.0
The following components are affected:
* TIBCO Formvine Server
Description
The TIBCO Formvine component listed above will fail to properly enforce
access controls in some circumstances. This may allow unauthorized users
to access or modify information.
TIBCO has released an update which addresses this issue. TIBCO strongly
recommends sites running the affected components to install the update
and take corrective action as described below.
Impact
The impact of this vulnerability may include information disclosure,
modification or deletion.
Solution
Upgrade TIBCO Formvine to version 3.2.1 or above.
References
http://www.tibco.com/mk/advisory.jsp
CVE: CVE-2012-5302

References:

http://www.tibco.com/services/support/advisories/formvine-advisory_20121023.jsp

http://www.tibco.com/multimedia/formvine-advisory-2012-10-23_tcm8-17451.txt

http://www.tibco.com/mk/advisory.jsp

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

TIBCO Formvine vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.