Security Advisory Regarding TIBCO BusinessConnect Trading Community Management


Article ID: KB0107974


Products: TIBCO BusinessConnect Trading Community Management
Versions: 6.1.0

Description

TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery
Vulnerability

  Original release date: May 18, 2022
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains an easily exploitable vulnerability that
  allows an unauthenticated attacker with network access to execute Cross-Site
  Request Forgery (CSRF) on the affected system. A successful attack using this
  vulnerability requires human interaction from a person other than the
  attacker.


Impact

  In the worst case, if the victim is a privileged administrator, successful
  exploitation of this vulnerability can result in an attacker gaining full
  administrative access to the affected system.

  CVSS v3 Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Environment

Products Affected

  TIBCO BusinessConnect Trading Community Management versions 6.1.0 and below

  The following component is affected:

    * Web Server

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO BusinessConnect Trading Community Management versions 6.1.0 and below:
    update to version 6.1.1 or later
 

Issue/Introduction

Security Advisory Regarding TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery Vulnerability

Additional Information

  https://www.tibco.com/services/support/advisories
  CVE-2022-22778