Original release date: August 11, 2020
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed below contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user.
Impact
The impact of this vulnerability includes the possibility that an attacker could steal session tokens of the authenticated user, which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute.
CVSS v3 Base Score: 6.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)
Issue/Introduction
TIBCO Silver Fabric XSS vulnerability
Environment
Systems Affected
TIBCO Silver Fabric versions 6.0.0 and below
The following component is affected:
* VirtualRouter
Resolution
TIBCO has released updated versions of the affected systems which address this issue:
* TIBCO Silver Fabric versions 6.0.0 and below: update to version 6.0.1 or higher