Security Advisory regarding TIBCO iProcess

Article ID: KB0108031

Products Versions
TIBCO iProcess Workspace (Browser) 11.6.0 and below

Description

TIBCO iProcess Workspace Browser CSRF

  Original release date: November 10, 2020
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains a vulnerability that theoretically allows
  an unauthenticated attacker with network access to execute a Cross Site
  Request Forgery (CSRF) attack on the affected system. A successful attack
  using this vulnerability requires human interaction from an authenticated user
  other than the attacker.


Impact

  Successful execution of this vulnerability can result in unauthorized read,
  update, insert or delete access to some of the data in the affected system.

  CVSS v3 Base Score: 5.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
 

Issue/Introduction

Security Advisory regarding TIBCO iProcess Workspace Browser CSRF

Environment

Systems Affected

  TIBCO iProcess Workspace (Browser) versions 11.6.0 and below

  The following component is affected:

    * Core

Resolution


  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO iProcess Workspace (Browser) versions 11.6.0 and below: update to
    version 11.8.0 or higher
 

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE-2020-27146