Security Advisory regarding TIBCO EBX

Article ID: KB0107935

Updated On:

Products Versions
TIBCO EBX 5.9.22 and below, 6.0.13 and below

Description

TIBCO Security Advisory: November 14, 2023 - TIBCO EBX - CVE-2023-26222

TIBCO EBX Cross-site Scripting (XSS) Vulnerability

Original release date: November 14, 2023
Last revised: —
CVE-2023-26222
Source: TIBCO Software Inc.

 

Products Affected

 
  • TIBCO EBX versions 5.9.22 and below
  • TIBCO EBX versions 6.0.13 and below
  • TIBCO Product and Service Catalog powered by TIBCO EBX versions 5.0.0 and below
 

The following component is affected:

  • Web Application

Description

 

The component listed above contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. 

 

Impact

 

The impact of this vulnerability includes the theoretical possibility of an unauthorized ability to update, insert or delete TIBCO EBX® data.

CVSS v3.1 Base Score: 8.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)

Environment

Products Affected

  • TIBCO EBX versions 5.9.22 and below
  • TIBCO EBX versions 6.0.13 and below
  • TIBCO Product and Service Catalog powered by TIBCO EBX versions 5.0.0 and below

The following component is affected:

  • Web Application

Resolution

TIBCO has released updated versions of the affected systems which address this issue:

  • TIBCO EBX versions 5.9.22 and below: update to version 5.9.23 or later
  • TIBCO EBX versions 6.0.13 and below: update to version 6.0.14 or later
  • TIBCO Product and Service Catalog powered by TIBCO EBX versions 5.0.0 and below: update to version 5.1.0 or later

Issue/Introduction

Security Advisory regarding TIBCO EBX Cross-site Scripting (XSS) Vulnerability

Additional Information

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26222
https://www.tibco.com/support/advisories/2023/11/tibco-security-advisory-november-14-2023-tibco-ebx-cve-2023-26222