Security Advisory Regarding TIBCO EBX

Article ID: KB0108058

Products Versions
TIBCO EBX 5.8.1.fixR and below, 5.9.3, 5.9.4, 5.9.5, and 5.9.6

Description

TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities

  Original release date: November 5, 2019
  Last revised: ---
  Source: TIBCO Software Inc.

  The following component is affected:

    * Web server


Description

  The component listed above contains multiple vulnerabilities that
  theoretically allow authenticated users to perform stored cross-site scripting
  (XSS) attacks, and unauthenticated users to perform reflected cross-site
  scripting attacks.


Impact

  The impact of these vulnerabilities includes the theoretical possibility that
  an attacker could gain full administrative access to the web interface of the
  affected component.

  CVSS v3 Base Score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Issue/Introduction

TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities

Environment

Systems Affected

    * TIBCO EBX versions 5.8.1.fixR and below
    * TIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6

Resolution

  TIBCO has released updated versions of the affected systems which address
  these issues:

    * TIBCO EBX versions 5.8.1.fixR and below: update to version 5.8.1.fixS
      or higher

    * TIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6: update to version
      5.9.7 or higher

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE-2019-17330