The TIBCO iProcess components listed above contain critical vulnerabilities in the processing of inbound HTTP requests:
CVE-2010-2020 - A cross-site scripting vulnerability exists which may allow an attacker to view or modify information in the database.
CVE-2010-2021 - A session fixation vulnerability exists which may allow an attacker to hijack a web session from another user.
TIBCO has released updated versions of the affected software products which address these issues. TIBCO strongly recommends sites running the affected components install the applicable update or take corrective action as described below.
Impact
The impact of these vulnerabilities may include information modification, information disclosure, and denial of service.
Solution
For each affected system, update to the corresponding software versions:
TIBCO iProcess Engine version 11.1.3 or higher TIBCO iProcess Workspace (Browser) version 11.3.1 or higher
This is strongly recommended.
If an upgrade is not possible, the following actions can mitigate the vulnerability:
* Utilize a firewall to restrict access to the TIBCO iProcess components.
The TIBCO iProcess components listed above contain critical vulnerabilities in the processing of inbound HTTP requests:
CVE-2010-2020 - A cross-site scripting vulnerability exists which may allow an attacker to view or modify information in the database.
CVE-2010-2021 - A session fixation vulnerability exists which may allow an attacker to hijack a web session from another user.
TIBCO has released updated versions of the affected software products which address these issues. TIBCO strongly recommends sites running the affected components install the applicable update or take corrective action as described below.
Impact
The impact of these vulnerabilities may include information modification, information disclosure, and denial of service.
Solution
For each affected system, update to the corresponding software versions:
TIBCO iProcess Engine version 11.1.3 or higher TIBCO iProcess Workspace (Browser) version 11.3.1 or higher
This is strongly recommended.
If an upgrade is not possible, the following actions can mitigate the vulnerability:
* Utilize a firewall to restrict access to the TIBCO iProcess components.