Security Advisory regarding TIBCO Patterns

Article ID: KB0108051

Products Versions
TIBCO Patterns 5.4.0 and below

Description

TIBCO Patterns - Search Exposes Cross Site Scripting Vulnerabilities

  Original release date: January 28, 2020
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains multiple vulnerabilities that
  theoretically allow authenticated users to perform persistent cross-site
  scripting (XSS) attacks.


Impact

  The impact of these vulnerabilities includes the theoretical possibility that
  an attacker could gain all privileges available via the affected component.

  CVSS v3 Base Score: 7.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)

Issue/Introduction

TIBCO Patterns - Search Exposes Cross Site Scripting Vulnerabilities

Environment

Systems Affected

  TIBCO Patterns - Search versions 5.4.0 and below

  The following component is affected:

    * user interface

Resolution

  TIBCO has released updated versions of the affected systems which address
  these issues:

  TIBCO Patterns - Search versions 5.4.0 and below: update to version 5.5.0 or
    higher

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE-2019-17338