Security Advisory Regarding TIBCO BPM Enterprise


Article ID: KB0108028


Products Versions
TIBCO BPM Enterprise (formerly TIBCO ActiveMatrix BPM) 4.3.0 and below

Description

TIBCO BPM Cross Site Scripting (XSS)

  Original release date: January 26, 2021
  Last revised: ---
  Source: TIBCO Software Inc.



Description

  The component listed above contains a vulnerability that theoretically allows
  a low privileged attacker with network access to execute a Cross Site
  Scripting (XSS) attack on the affected system.


Impact

  Successful execution of this vulnerability can result in unauthorized read
  access, as well as unauthorized update, insert or delete access to a subset of
  AMX-BPM data on the affected system.

  CVSS v3 Base Score: 4.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)

Issue/Introduction

Security Advisory Regarding TIBCO BPM Enterprise Cross Site Scripting (XSS)

Environment

  Systems Affected

  TIBCO BPM Enterprise versions 4.3.0 and below
  TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.0 and below

  The following component is affected:

    * Application Development Clients

Resolution


  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO BPM Enterprise versions 4.3.0 and below: update to version 4.3.1 or
    higher

  TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.0 and
    below: update to version 4.3.1 or higher

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE-2021-23272