Security Advisory Regarding TIBCO BusinessConnect Trading Community Management
Article ID: KB0107972
Updated On:
| Products | Versions |
|---|---|
| TIBCO BusinessConnect Trading Community Management | 6.1.0 |
Description
TIBCO BusinessConnect Trading Community Management Reflected Cross Site Scripting
Vulnerability
Original release date: May 18, 2022
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed above contains easily exploitable Reflected Cross Site
Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with
network access to execute scripts targeting the affected system or the
victim's local system.
Impact
Successful execution of this vulnerability can result in an attacker gaining
partial access to the affected system and can result in unauthorized read,
update, insert or delete access to a subset of resources.
CVSS v3 Base Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Environment
Products Affected
TIBCO BusinessConnect Trading Community Management versions 6.1.0 and below
The following component is affected:
* Web Server
Resolution
TIBCO has released updated versions of the affected systems which address this
issue:
TIBCO BusinessConnect Trading Community Management versions 6.1.0 and below:
update to version 6.1.1 or later
issue:
TIBCO BusinessConnect Trading Community Management versions 6.1.0 and below:
update to version 6.1.1 or later
Issue/Introduction
Security Advisory Regarding TIBCO BusinessConnect Trading Community Management Reflected Cross Site Scripting
Vulnerability
Additional Information
https://www.tibco.com/services/support/advisories
CVE-2022-22777
CVE-2022-22777
Feedback
Yes
No
Powered by
