TIBCO Silver Mobile vulnerability

2013.06.01

Credit: tibco

Risk: Medium

Local: Yes

Remote: No

CVE: CVE-2013-3315

CWE: CWE-264

CVSS Base Score: 6.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8/10

Exploit range: Remote

Attack complexity: Low

Authentication: Single time

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

TIBCO Silver Mobile vulnerability
Original release date: May 08, 2013
Last revised: --
Source: TIBCO Software Inc.
Systems Affected
TIBCO Silver Mobile version 1.1.0
The following components are affected:
* TIBCO Silver Mobile Server
Description
The TIBCO Silver Mobile component listed above will fail to properly enforce
administrator privileges in some circumstances. This may allow unprivileged
users to execute arbitrary commands with administrator privileges.
TIBCO has released an update which addresses this issue. TIBCO strongly
recommends sites running the affected components to install the update.
Impact
The impact of this vulnerability may include information disclosure,
modification or deletion.
Solution
Upgrade TIBCO Silver Mobile to version 1.1.1 or above.
References
http://www.tibco.com/mk/advisory.jsp
CVE: CVE-2013-3315

References:

http://www.tibco.com/services/support/advisories/silver-mobile-advisory_20130508.jsp

http://www.tibco.com/multimedia/silver-mobile-advisory-2013-05-08_tcm8-18595.txt

http://www.tibco.com/mk/advisory.jsp

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

TIBCO Silver Mobile vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.