1. Home
  2. CVE Database
  3. CVE-2017-5536
MEDIUM · 6.3

CVE-2017-5536

The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-sit...

Vulnerability Description

The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0.

CVSS Score

6.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
TibcoDatasynapse Gridserver Manager<= 5.1.3

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2017-5536?

CVE-2017-5536 is a vulnerability with a CVSS score of 6.3 (MEDIUM). The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-sit...

How severe is CVE-2017-5536?

CVE-2017-5536 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-5536?

Check the references section above for vendor advisories and patch information. Affected products include: Tibco Datasynapse Gridserver Manager.