Security Advisory Regarding TIBCO MDM

Article ID: KB0108059

Products: TIBCO MDM
Versions: 9.0.1 and below, 9.1.0

Description

TIBCO MDM Exposes Cross-Site Scripting Vulnerabilities

  Original release date: October 8, 2019
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains multiple vulnerabilities that
  theoretically allow an authenticated user with specific roles to perform
  cross-site scripting (XSS) attacks.


Impact

  The impact of these vulnerabilities includes the theoretical possibility that
  a non-administrative user could gain full administrative access to the web
  interface of the affected component.

  CVSS v3 Base Score: 6.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)

Issue/Introduction

Security Advisory Regarding TIBCO MDM

Environment

Systems Affected

  TIBCO MDM versions 9.0.1 and below
  TIBCO MDM version 9.1.0

  The following component is affected:

  * MDM server

Resolution

Solution

  TIBCO has released updated versions of the affected systems which address
  these issues:

  TIBCO MDM versions 9.0.1 and below: update to version 9.0.2 or higher

  TIBCO MDM version 9.1.0: update to version 9.1.2 or higher

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE-2019-11212