ADVISORY ID :TINA202301 Impersonation
A vulnerability has been discovered in Tina product.
A malevolent user with enough privileges may configure a host they control to impersonate a legitimate
Tina client.
This specific configuration could lead to data leaks.
Credit: Markus Petri from RRZE Erlangen brought this vulnerability to our attention.
The following Tina
versions are affected:
– 4.7.1 prior to P6469
– 4.8.1 prior to P6485
CVSS 3.1 score 5.9 Medium
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
To fully protect Tina Server against impersonating hosts, the Tina Administrator must modify the file
parameter.xml and set the configuration parameter unknown_client_filter to the value yes.
We recommend using the graphical interface to set the configuration parameter.
We strongly recommend upgrading Tina Server to version 4.7.1 P6469 or 4.8.1 P6485 or higher which
fixes the configuration parameter.
Technical details: an attacker controlling a host on the same network as the Tina Server can impersonate,
(through a particular network configuration) a legitimate Tina Client which could lead to data leaks.
Categories
- Advisories (17)
- CVE (6)
- Software Alerts (6)
Articles / Posts
- Tomcat CVE-2025-24813
- Flexera CVE-2024-2658
- Curl CVE-2024-7264 vulnerability
- Tenable.sc Report: OpenSSL 3.0.0 < 3.0.15 Vulnerability
- Software Alert – Tina 4.9.1 – VMWare
- Apache CVE-2023-25690 vulnerability
- ADVISORY ID :TINA202301 Impersonation
- Advisory ID : LINA/ADE-2023-0002
- Advisory ID : LINA/ADE-2023-0001
- Software Alert – Tina 4.6.9 – Hyper-V