Products | Versions |
---|---|
TIBCO Silver Fabric | 6.0.0 and below |
TIBCO Silver Fabric XSS vulnerability
Original release date: August 11, 2020
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed above contains a vulnerability that theoretically allows
an attacker to inject scripts via URLs. The attacker could theoretically
social engineer an authenticated user into submitting the URL, thus executing
the script on the affected system with the privileges of the user.
Impact
The impact of this vulnerability includes the possibility that an attacker
could steal session tokens of the authenticated user, which would allow the
attacker to hijack the session and perform whatever tasks the user has
permission to execute.
CVSS v3 Base Score: 6.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)