Security Advisory regarding TIBCO Administrator

Article ID: KB0108014

Updated On:

Products                                               Versions
TIBCO Administrator                                    5.11.1 and below, 5.10.2 and below
TIBCO Administrator - Enterprise Edition For zLinux    5.11.1 and below, 5.10.2 and below
TIBCO Runtime Agent for zLinux                         5.11.1 and below, 5.10.2 and below

Description

TIBCO Administrator Stored Cross Site Scripting vulnerability

  Original release date: April 20, 2021
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  On Unix-based systems, the component listed above contains an easily
  exploitable vulnerability that allows an unauthenticated attacker to social
  engineer a legitimate user with network access to execute a Stored XSS attack
  targeting the affected system. A successful attack using this vulnerability
  requires human interaction from a person other than the attacker.


Impact

  In the worst case, if the victim is a privileged administrator, successful
  execution of this vulnerability can result in an attacker gaining full
  administrative access to the affected system.

  CVSS v3 Base Score: 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L)

Environment

Products Affected

  TIBCO Administrator - Enterprise Edition versions 5.10.2 and below
  TIBCO Administrator - Enterprise Edition versions 5.11.0 and 5.11.1
  TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver
    Fabric versions 5.10.2 and below
  TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver
    Fabric versions 5.11.0 and 5.11.1
  TIBCO Administrator - Enterprise Edition for z/Linux versions 5.10.2 and
    below
  TIBCO Administrator - Enterprise Edition for z/Linux versions 5.11.0 and
    5.11.1
  TIBCO Runtime Agent versions 5.10.2 and below
  TIBCO Runtime Agent versions 5.11.0 and 5.11.1
  TIBCO Runtime Agent for z/Linux versions 5.10.2 and below
  TIBCO Runtime Agent for z/Linux versions 5.11.0 and 5.11.1

  The following component is affected:

  * Administration GUI

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO Administrator - Enterprise Edition versions 5.10.2 and below update to
    version 5.10.3 or higher

  TIBCO Administrator - Enterprise Edition versions 5.11.0 and 5.11.1 update
    to version 5.11.2 or higher

  TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver
    Fabric versions 5.10.2 and below update to version 5.10.3 or higher

  TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver
    Fabric versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher

  TIBCO Administrator - Enterprise Edition for z/Linux versions 5.10.2 and
    below update to version 5.10.3 or higher

  TIBCO Administrator - Enterprise Edition for z/Linux versions 5.11.0 and
    5.11.1 update to version 5.11.2 or higher

  TIBCO Runtime Agent versions 5.10.2 and below update to version 5.10.3 or
    higher

  TIBCO Runtime Agent versions 5.11.0 and 5.11.1 update to version 5.11.2 or
    higher

  TIBCO Runtime Agent for z/Linux versions 5.10.2 and below update to version
    5.10.3 or higher

  TIBCO Runtime Agent for z/Linux versions 5.11.0 and 5.11.1 update to version
    5.11.2 or higher
 

Issue/Introduction

Security Advisory regarding TIBCO Administrator Stored Cross Site Scripting vulnerability

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE-2021-28827