TIBCO DataSynapse GridServer Manager is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
The following versions are vulnerable:
TIBCO DataSynapse GridServer Manager versions 5.2.0 and prior
TIBCO DataSynapse GridServer Manager versions 6.0.x, 6.1.x, 6.2.x, and 6.3.0
Information
TIBCO DataSynapse GridServer Manager 6.2
TIBCO DataSynapse GridServer Manager 6.1.1
TIBCO DataSynapse GridServer Manager 6.1
TIBCO DataSynapse GridServer Manager 6.0.2
TIBCO DataSynapse GridServer Manager 6.0.1
TIBCO DataSynapse GridServer Manager 6.0
TIBCO DataSynapse GridServer Manager 5.2
TIBCO DataSynapse GridServer Manager 5.1.3
TIBCO DataSynapse GridServer Manager 5.2.1
Exploit
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
References: