Security Advisory Regarding TIBCO Nimbus

Article ID: KB0108003

Products Versions
TIBCO Nimbus 10.4.0 and below

Description

TIBCO Nimbus Stored Cross-site Scripting (XSS) vulnerabilities

  Original release date: October 26, 2021
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains easily exploitable Stored Cross Site
  Scripting (XSS) vulnerabilities that allow a low privileged attacker to social
  engineer a legitimate user with network access to execute scripts targeting
  the affected system or the victim's local system. A successful attack using
  this vulnerability requires human interaction from a person other than the
  attacker.


Impact

  In the worst case, if the victim is a privileged administrator, successful
  execution of these vulnerabilities can result in an attacker gaining full
  administrative access to the affected system or the victim's local system.

  CVSS v3 Base Score: 8.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

Environment

Products Affected

  TIBCO Nimbus versions 10.4.0 and below

  The following component is affected:

  * Web Reporting

Resolution


  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO Nimbus versions 10.4.0 and below: update to version 10.4.1 or later
 

Issue/Introduction

Security Advisory Regarding TIBCO Nimbus Stored Cross-site Scripting (XSS) vulnerabilities

Additional Information

  https://www.tibco.com/services/support/advisories
  CVE-2021-35499