CVE-2017-5531

{"id": "CVE-2017-5531", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@tibco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2017-10-17T20:29:00.400", "references": [{"url": "http://www.securityfocus.com/bid/101545", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@tibco.com"}, {"url": "http://www.tibco.com/services/support/advisories", "tags": ["Vendor Advisory"], "source": "security@tibco.com"}, {"url": "https://www.tibco.com/support/advisories/2017/10/tibco-security-advisory-october-17-2017-tibco-managed-file-transfer", "tags": ["Vendor Advisory"], "source": "security@tibco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative control of Managed File Transfer web applications."}, {"lang": "es", "value": "Despliegues de TIBCO Managed File Transfer Command Center en versiones 8.0.0 y 8.0.1 y TIBCO Managed File Transfer Internet Server en versiones 8.0.0 y 8.0.1 que habilitan el servicio administrador se pueden ver afectados por una vulnerabilidad que puede permitir a cualquier usuario autenticado obtener control administrativo de las aplicaciones web Managed File Transfer."}], "lastModified": "2019-10-09T23:28:22.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:managed_file_transfer_command_center:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CC7F565-F7F7-4120-919B-66B106CBACB6"}, {"criteria": "cpe:2.3:a:tibco:managed_file_transfer_command_center:8.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69A629F1-437C-44C8-9A76-99B83B35FFB1"}, {"criteria": "cpe:2.3:a:tibco:managed_file_transfer_internet_server:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FF76DCF-71CD-46C3-AFC6-40B495C88253"}, {"criteria": "cpe:2.3:a:tibco:managed_file_transfer_internet_server:8.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A45C66B-F7B5-4DBD-AAE2-7A7D14605AFD"}], "operator": "OR"}]}], "sourceIdentifier": "security@tibco.com"}