CVE-2020-9417 Information

Description

The Transaction Insight reporting component of TIBCO Software Inc.’s TIBCO Foresight Archive and Retrieval System TIBCO Foresight Archive and Retrieval System Healthcare Edition TIBCO Foresight Operational Monitor TIBCO Foresight Operational Monitor Healthcare Edition TIBCO Foresight Transaction Insight and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. Affected releases are TIBCO Software Inc.’s TIBCO Foresight Archive and Retrieval System: versions 5.1.0 and below version 5.2.0 TIBCO Foresight Archive and Retrieval System Healthcare Edition: versions 5.1.0 and below version 5.2.0 TIBCO Foresight Operational Monitor: versions 5.1.0 and below version 5.2.0 TIBCO Foresight Operational Monitor Healthcare Edition: versions 5.1.0 and below version 5.2.0 TIBCO Foresight Transaction Insight: versions 5.1.0 and below version 5.2.0 and TIBCO Foresight Transaction Insight Healthcare Edition: versions 5.1.0 and below version 5.2.0.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.tibco.com/services/support/advisories

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8