Security Advisory Regarding TIBCO BusinessConnect
Article ID: KB0107945
Updated On:
| Products | Versions |
|---|---|
| TIBCO BusinessConnect | 7.3.0 |
Description
TIBCO BusinessConnect Reflected XSS Vulnerability
Original release date: February 22, 2023
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed above contains easily exploitable Reflected Cross Site
Scripting (XSS) vulnerabilities that allow a low privileged attacker with
network access to execute scripts targeting the affected system or the
victim's local system.
Impact
In the worst case, if the victim is a privileged administrator, successful
execution of these vulnerabilities can result in an attacker gaining full
administrative access to the affected system.
CVSS v3.1 Base Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)
Environment
Products Affected
TIBCO BusinessConnect versions 7.3.0 and below
The following component is affected:
* BusinessConnect UI
Resolution
TIBCO has released updated versions of the affected systems which address
these issues:
TIBCO BusinessConnect versions 7.3.0 and below: update to version 7.3.1 or
later
Issue/Introduction
Security Advisory Regarding TIBCO BusinessConnect Reflected XSS Vulnerability
Additional Information
https://www.tibco.com/services/support/advisories
CVE-2023-26214
CVE-2023-26214
Feedback
Yes
No
Powered by
