Products | Versions |
---|---|
TIBCO MDM | 9.0.1 and below, 9.1.0 |
TIBCO MDM Exposes Cross-Site Scripting Vulnerabilities
Original release date: October 8, 2019
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed above contains multiple vulnerabilities that
theoretically allow an authenticated user with specific roles to perform
cross-site scripting (XSS) attacks.
Impact
The impact of these vulnerabilities includes the theoretical possibility that
a non-administrative user could gain full administrative access to the web
interface of the affected component.
CVSS v3 Base Score: 6.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)