Security Advisory Regarding TIBCO Nimbus

Article ID: KB0107939

Products Versions
TIBCO Nimbus 10.6.0 and below

Description

TIBCO Security Advisory: September 27, 2023 - TIBCO Nimbus - CVE-2023-26218
TIBCO Nimbus Reflected Cross-site Scripting (XSS) vulnerabilities
Original release date: September 27, 2023
Last revised: —
CVE-2023-26218
Source: TIBCO Software Inc.

Description

The component listed above contains easily exploitable Reflected Cross Site
Scripting (XSS) vulnerabilities that allow a low privileged attacker to social
engineer a legitimate user with network access to execute scripts targeting
the affected system or the victim's local system. A successful attack using
this vulnerability requires human interaction from a person other than the attacker.

Impact
In the worst case, if the victim is a privileged administrator, successful
execution of these vulnerabilities can result in an attacker gaining full
administrative access to the affected system.
CVSS v3 Base Score: 8.0

Environment

Products Affected

● TIBCO Nimbus® versions 10.6.0 and below

The following component is affected:

● Web Client

Resolution


TIBCO has released updated versions of the affected systems which address
this issue:

● TIBCO Nimbus® versions 10.6.0 and below: update to version 10.6.1 or later

Issue/Introduction

Security Advisory Regarding TIBCO Nimbus Reflected Cross-site Scripting (XSS) vulnerabilities

Additional Information

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26218
https://www.tibco.com/support/advisories/2023/09/tibco-security-advisory-september-27-2023-tibco-nimbus-cve-2023-26218