TIBCO DataSynapse GridServer Manager CVE-2018-12416 Cross Site Request Forgery Vulnerability



TIBCO DataSynapse GridServer Manager is prone to a cross-site request forgery (CSRF) vulnerability because the application fails to properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
The following versions are vulnerable:
TIBCO DataSynapse GridServer Manager versions 5.2.0 and prior
TIBCO DataSynapse GridServer Manager versions 6.0.x, 6.1.x, 6.2.x, and 6.3.0

Information

Bugtraq ID: 105913
Class: Input Validation Error
CVE: CVE-2018-12416

Remote: Yes
Local: No
Published: Nov 13 2018 12:00AM
Updated: Nov 13 2018 12:00AM
Credit: The vendor reported this issue.
Vulnerable: TIBCO DataSynapse GridServer Manager 6.3
TIBCO DataSynapse GridServer Manager 6.2
TIBCO DataSynapse GridServer Manager 6.1.1
TIBCO DataSynapse GridServer Manager 6.1
TIBCO DataSynapse GridServer Manager 6.0.2
TIBCO DataSynapse GridServer Manager 6.0.1
TIBCO DataSynapse GridServer Manager 6.0
TIBCO DataSynapse GridServer Manager 5.2
TIBCO DataSynapse GridServer Manager 5.1.3


Not Vulnerable: TIBCO DataSynapse GridServer Manager 6.3.1
TIBCO DataSynapse GridServer Manager 5.2.1


Exploit


An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

