Security Advisory regarding TIBCO iProcess
Article ID: KB0108031
Updated On:
| Products | Versions |
|---|---|
| TIBCO iProcess Workspace (Browser) | 11.6.0 and below |
Description
TIBCO iProcess Workspace Browser CSRF
Original release date: November 10, 2020
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed above contains a vulnerability that theoretically allows
an unauthenticated attacker with network access to execute a Cross Site
Request Forgery (CSRF) attack on the affected system. A successful attack
using this vulnerability requires human interaction from an authenticated user
other than the attacker.
Impact
Successful execution of this vulnerability can result in unauthorized read,
update, insert or delete access to some of the data in the affected system.
CVSS v3 Base Score: 5.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
Environment
Systems Affected
TIBCO iProcess Workspace (Browser) versions 11.6.0 and below
The following component is affected:
* Core
Resolution
TIBCO has released updated versions of the affected systems which address this
issue:
TIBCO iProcess Workspace (Browser) versions 11.6.0 and below update to
version 11.8.0 or higher
Issue/Introduction
Security Advisory regarding TIBCO iProcess Workspace Browser CSRF
Additional Information
http://www.tibco.com/services/support/advisories
CVE-2020-27146
CVE-2020-27146
Feedback
Yes
No
Powered by
