Security Advisory Regarding TIBCO BusinessConnect

Article ID: KB0107945

Products Versions
TIBCO BusinessConnect 7.3.0

Description

TIBCO BusinessConnect Reflected XSS Vulnerability

  Original release date: February 22, 2023
  Last revised: ---
  Source: TIBCO Software Inc.




Description

  The component listed above contains easily exploitable Reflected Cross Site
  Scripting (XSS) vulnerabilities that allow a low privileged attacker with
  network access to execute scripts targeting the affected system or the
  victim's local system.


Impact

  In the worst case, if the victim is a privileged administrator, successful
  execution of these vulnerabilities can result in an attacker gaining full
  administrative access to the affected system.

  CVSS v3.1 Base Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)


 

Environment

Products Affected

  TIBCO BusinessConnect versions 7.3.0 and below

  The following component is affected:

    * BusinessConnect UI

Resolution


  TIBCO has released updated versions of the affected systems which address
  these issues:

  TIBCO BusinessConnect versions 7.3.0 and below: update to version 7.3.1 or
    later
 

Issue/Introduction

Security Advisory Regarding TIBCO BusinessConnect Reflected XSS Vulnerability

Additional Information

  https://www.tibco.com/services/support/advisories
  CVE-2023-26214