Security Advisory Regarding TIBCO EBX
Article ID: KB0108058
Updated On:
| Products | Versions |
|---|---|
| TIBCO EBX | 5.8.1.fixR and below, 5.9.3, 5.9.4, 5.9.5, and 5.9.6 |
Description
TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities
Original release date: November 5, 2019
Last revised: ---
Source: TIBCO Software Inc.
The following component is affected:
* Web server
Description
The component listed above contains multiple vulnerabilities that
theoretically allow authenticated users to perform stored cross-site scripting
(XSS) attacks, and unauthenticated users to perform reflected cross-site
scripting attacks.
Impact
The impact of these vulnerabilities includes the theoretical possibility that
an attacker could gain full administrative access to the web interface of the
affected component.
CVSS v3 Base Score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Environment
Systems Affected
TIBCO EBX versions 5.8.1.fixR and below
TIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6
Resolution
TIBCO has released updated versions of the affected systems which address
these issues:
TIBCO EBX versions 5.8.1.fixR and below update to version 5.8.1.fixS or
higher
TIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6 update to version 5.9.7 or
higher
these issues:
TIBCO EBX versions 5.8.1.fixR and below update to version 5.8.1.fixS or
higher
TIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6 update to version 5.9.7 or
higher
Issue/Introduction
TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities
Additional Information
http://www.tibco.com/services/support/advisories
CVE-2019-17330
CVE-2019-17330
Feedback
Yes
No
Powered by
