Security Advisory Regarding TIBCO EBX Add-on For Digital Asset Manager

Security Advisory Regarding TIBCO EBX Add-on For Digital Asset Manager

book

Article ID: KB0108056

calendar_today

Updated On:

Products Versions
TIBCO EBX Add-ons 3.20.13 abd below, 4.1.0, 4.2.0, 4.2.1, and 4.2.2

Description

TIBCO EBX Add-on For Digital Asset Manager Cross-Site Scripting Vulnerabilities

  Original release date: November 12, 2019
  Last revised: ---
  Source: TIBCO Software Inc.

  The following component is affected:

    * Digital Asset Manager Web Interface

Description

  The component listed above contains a vulnerability that theoretically allows
  authenticated users to perform stored cross-site scripting (XSS) attacks.


Impact

  The impact of this vulnerability includes the theoretical possibility that an
  attacker could gain full administrative access to the web interface of the
  affected component.

  CVSS v3 Base Score: 7.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)

Issue/Introduction

Security Advisory Regarding TIBCO EBX Add-on For Digital Asset Manager Cross-Site Scripting Vulnerabilities

Environment

Systems Affected TIBCO EBX Add-ons versions 3.20.13 and below TIBCO EBX Add-ons versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2 The following component is affected: * Digital Asset Manager Web Interface

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO EBX Add-ons versions 3.20.13 and below update to version 3.20.14 or
    higher

  TIBCO EBX Add-ons versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2 update to version
    4.3.0 or higher

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE-2019-17332
Powered by Wolken Software