Security Advisory Regarding TIBCO EBX

Article ID: KB0108050

Products Versions
TIBCO EBX 5.8.1.fixS and below, 5.9.3, 5.9.4, 5.9.5, 5.9.6, and 5.9.7

Description

TIBCO EBX Exposes Cross-Site Scripting Vulnerability

  Original release date: February 19, 2020
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains a vulnerability that theoretically allows
  authenticated users to perform stored cross-site scripting (XSS) attacks.


Impact

  The impact of this vulnerability includes the theoretical possibility that
  an attacker could gain full administrative access to the web interface of the
  affected component.

  CVSS v3 Base Score: 8.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

Environment

  Systems Affected

  * TIBCO EBX versions 5.8.1.fixS and below
  * TIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, and 5.9.7

  The following component is affected:

  * Web server

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  * TIBCO EBX versions 5.8.1.fixS and below: update to version 5.8.1.fixT or
    higher
  * TIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, and 5.9.7: update to version
    5.9.8 or higher

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE-2019-17333