CVE-2014-2075

TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.tibco.com/mk/advisory.jsp	Vendor Advisory
http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt	Vendor Advisory
http://www.tibco.com/mk/advisory.jsp	Vendor Advisory
http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tibco:enterprise_administrator:1.0.0:::::::*
	cpe:2.3:a:tibco:enterprise_administrator_sdk:1.0.0:::::::*

History

21 Nov 2024, 02:05

Type	Values Removed	Values Added
References	~~() http://www.tibco.com/mk/advisory.jsp - Vendor Advisory~~	() http://www.tibco.com/mk/advisory.jsp - Vendor Advisory
References	~~() http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt - Vendor Advisory~~	() http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt - Vendor Advisory

Information

Published : 2014-02-27 11:55

Updated : 2024-11-21 02:05

NVD link : CVE-2014-2075

Mitre link : CVE-2014-2075

CVE.ORG link : CVE-2014-2075

JSON object : View

Products Affected

tibco

enterprise_administrator_sdk
enterprise_administrator

CWE

CWE-287

Improper Authentication

{"id": "CVE-2014-2075", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-02-27T11:55:03.627", "references": [{"url": "http://www.tibco.com/mk/advisory.jsp", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/mk/advisory.jsp", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors."}, {"lang": "es", "value": "TIBCO Enterprise Administrator 1.0.0 y Enterprise Administrator SDK 1.0.0 no fuerza debidamente los requisitos de autenticaci\u00f3n administrativa, lo que permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T02:05:35.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:enterprise_administrator:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AF62F25-6FA0-4CE8-974D-6DB4D503ED70"}, {"criteria": "cpe:2.3:a:tibco:enterprise_administrator_sdk:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE49B49F-F61C-4271-AA47-58919F02E0D6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}