Security Advisory Regarding TIBCO EBX

Article ID: KB0107947

Updated On:

Products Versions
TIBCO EBX 5.9.21 and below, 6.0.11 and below

Description

TIBCO EBX Cross Site Scripting (XSS) Vulnerability

  Original release date: February 22, 2023
  Last revised: ---
  Source: TIBCO Software Inc.

  The following component is affected:

    * Web Application

Description

  The component listed above contains an easily exploitable vulnerability that
  allows a low privileged attacker with network access to execute a stored XSS
  on the affected system.


Impact

  The impact of this vulnerability includes the theoretical possibility of an
  unauthorized ability to update, insert or delete TIBCO EBX data.

  CVSS v3.1 Base Score: 8.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)

Environment

  Products Affected

    TIBCO EBX versions 5.9.21 and below
    TIBCO EBX versions 6.0.11 and below
    TIBCO Product and Service Catalog powered by TIBCO EBX versions 1.2.0 and
      below

  The following component is affected:

    * Web Application

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO EBX versions 5.9.21 and below: update to version 5.9.22 or later
  TIBCO EBX versions 6.0.11 and below: update to version 6.0.12 or later

  TIBCO Product and Service Catalog powered by TIBCO EBX versions 1.2.0 and
    below: update to version 1.2.1 or later
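
The version ranges above can be checked against an installation inventory. The following is an added example, not TIBCO code. It assumes versions are reported as x.y.z strings, reads "and below" as covering older release lines too, and uses the made-up product labels "ebx" and "psc" with a constructed sample inventory.

```python
import re

# Ceilings and first fixed releases from the advisory; product keys are example labels.
ADVISORY = {
    "ebx": [((5, 9, 21), (5, 9, 22)), ((6, 0, 11), (6, 0, 12))],
    "psc": [((1, 2, 0), (1, 2, 1))],
}

def parse_version(text):
    """Return the leading numeric x.y.z of a version string as an int tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(product, version_text):
    """Return (status, first_fixed_version_or_None) for one installation."""
    v = parse_version(version_text)
    branches = sorted(ADVISORY[product])
    # On a release line the advisory names, compare with that line's ceiling only,
    # so 5.9.22 is not misread as "below 6.0.11".
    for ceiling, fixed in branches:
        if v[:2] == ceiling[:2]:
            return ("affected", fixed) if v <= ceiling else ("fixed", None)
    # Older lines fall under "and below": point at the nearest fixed release.
    for ceiling, fixed in branches:
        if v < ceiling:
            return ("affected", fixed)
    # Newer lines are not mentioned by the advisory; do not report them as safe.
    return ("not-listed", None)

def report(inventory):
    """Build one summary line per (host, product, version) inventory row."""
    lines = []
    for host, product, version in inventory:
        status, fixed = triage(product, version)
        target = ".".join(map(str, fixed)) if fixed else "-"
        lines.append(f"{host} {product} {version} {status} {target}")
    return lines

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("mdm-01", "ebx", "5.9.21"),
    ("mdm-02", "ebx", "6.0.12"),
    ("mdm-03", "ebx", "6.1.0"),
    ("cat-01", "psc", "1.2.0"),
]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

A "not-listed" result means the advisory does not mention that release line, so it needs a separate check with the vendor.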
 

Issue/Introduction

Security Advisory Regarding TIBCO EBX Cross Site Scripting (XSS) Vulnerability

Additional Information

  https://www.tibco.com/services/support/advisories
  CVE-2022-41565