Security Advisory regarding TIBCO EBX Add-ons
Article ID: KB0107946
Updated On:
| Products | Versions |
|---|---|
| TIBCO EBX Add-ons | 5.6.0 and below |
Description
TIBCO EBX Add-ons Cross Site Scripting (XXS) Vulnerability
Original release date: February 22, 2023
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed above contains an easily exploitable vulnerability that
allows a low privileged attacker with network access to execute stored XSS on
the affected system.
Impact
The impact of this vulnerability includes the theoretical possibility of
unauthorized access to TIBCO EBX® Add-ons data. This includes the ability to
update, insert, or delete data.
CVSS v3.1 Base Score: 8.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)
Original release date: February 22, 2023
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed above contains an easily exploitable vulnerability that
allows a low privileged attacker with network access to execute stored XSS on
the affected system.
Impact
The impact of this vulnerability includes the theoretical possibility of
unauthorized access to TIBCO EBX® Add-ons data. This includes the ability to
update, insert, or delete data.
CVSS v3.1 Base Score: 8.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)
Issue/Introduction
Security Advisory regarding TIBCO EBX Add-ons Cross Site Scripting (XXS) Vulnerability
Environment
Products Affected
TIBCO EBX Add-ons versions 5.6.0 and below
The following component is affected:
* server
Resolution
TIBCO has released updated versions of the affected systems which address this
issue:
TIBCO EBX Add-ons versions 5.6.0 and below: update to version 5.6.1 or later
issue:
TIBCO EBX Add-ons versions 5.6.0 and below: update to version 5.6.1 or later
Additional Information
https://www.tibco.com/services/support/advisories
CVE-2022-41566
CVE-2022-41566
Feedback
Yes
No
Powered by
