tibco administrator 输出中的特殊元素转义处理不恰当（注入）

admin

0
文章

0
评论

2023-12-01 15:05:43 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

tibco administrator 输出中的特殊元素转义处理不恰当（注入）

CVE编号

CVE-2021-28829

利用情况

暂无

补丁情况

N/A

披露时间

2021-04-21

漏洞描述

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a persistent CSV injection attack from the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://www.tibco.com/services/support/advisories
https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-apri...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	tibco	administrator	*		Up to (including) 5.10.2
	运行在以下环境
	应用	tibco	administrator	5.11.0	-
	运行在以下环境
	应用	tibco	administrator	5.11.1	-