CVE-2021-28829
The Administration GUI component of TIBCO Software Inc.’s TIBCO Administrator – Enterprise Edition, TIBCO Administrator – Enterprise Edition, TIBCO Administrator – Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator – Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator – Enterprise Edition for z/Linux, and TIBCO Administrator – Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a persistent CSV injection attack from the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO Administrator – Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator – Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator – Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator – Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator – Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator – Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1.
Date published : 2021-04-20