Products | Versions |
---|---|
TIBCO EBX | 5.8.1.fixR and below, 5.9.3, 5.9.4, 5.9.5, and 5.9.6 |
TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities
Original release date: November 5, 2019
Last revised: ---
Source: TIBCO Software Inc.
The following component is affected:
* Web server
Description
The component listed above contains multiple vulnerabilities that
theoretically allow authenticated users to perform stored cross-site scripting
(XSS) attacks, and unauthenticated users to perform reflected cross-site
scripting attacks.
Impact
The impact of these vulnerabilities includes the theoretical possibility that
an attacker could gain full administrative access to the web interface of the
affected component.
CVSS v3 Base Score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)