Security Advisory Regarding TIBCO EBX Add-on For Data Exchange
Article ID: KB0108057
Updated On:
| Products | Versions |
|---|---|
| TIBCO EBX Add-ons | 3.20.13 and below, 4.1.0 |
Description
TIBCO EBX Add-on For Data Exchange Cross-Site Scripting Vulnerabilities
Original release date: November 12, 2019
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed above contains a vulnerability that theoretically allows
authenticated users to perform stored cross-site scripting (XSS) attacks.
Impact
The impact of this vulnerability includes the theoretical possibility that an
attacker could gain full administrative access to the web interface of the
affected component.
CVSS v3 Base Score: 7.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)
Original release date: November 12, 2019
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed above contains a vulnerability that theoretically allows
authenticated users to perform stored cross-site scripting (XSS) attacks.
Impact
The impact of this vulnerability includes the theoretical possibility that an
attacker could gain full administrative access to the web interface of the
affected component.
CVSS v3 Base Score: 7.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)
Issue/Introduction
Security Advisory Regarding TIBCO EBX Add-on For Data Exchange Cross-Site Scripting Vulnerabilities
Environment
Systems Affected
TIBCO EBX Add-ons versions 3.20.13 and below
TIBCO EBX Add-ons version 4.1.0
Resolution
TIBCO has released updated versions of the affected systems which address this
issue:
TIBCO EBX Add-ons versions 3.20.13 and below update to version 3.20.14 or
higher
TIBCO EBX Add-ons version 4.1.0 update to version 4.2.0 or higher
issue:
TIBCO EBX Add-ons versions 3.20.13 and below update to version 3.20.14 or
higher
TIBCO EBX Add-ons version 4.1.0 update to version 4.2.0 or higher
Additional Information
http://www.tibco.com/services/support/advisories
CVE-2019-17331
CVE-2019-17331
Feedback
Yes
No
Powered by
