TIBCO WebFOCUS Cross Site Scripting vulnerabilities
Original release date: September 14, 2021
Last revised: ---
Source: TIBCO Software Inc.
Description
The components listed below contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low-privileged attacker to social engineer a legitimate user with network access into executing scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker.
Impact
In the worst case, if the victim is a privileged administrator, successful exploitation of these vulnerabilities can result in an attacker gaining full administrative access to the affected system or the victim's local system.
CVSS v3 Base Score: 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Issue/Introduction
Security Advisory regarding TIBCO WebFOCUS Cross Site Scripting vulnerabilities
Environment
Products Affected
* TIBCO WebFOCUS Client versions 8207.27.0 and below
* TIBCO WebFOCUS Installer versions 8207.27.0 and below
* TIBCO WebFOCUS Reporting Server versions 8207.27.0 and below
The following components are affected:
* WebFOCUS Reporting Server
* WebFOCUS Client
Resolution
TIBCO has released updated versions of the affected systems which address this issue:
* TIBCO WebFOCUS Client versions 8207.27.0 and below: update to version 8207.28.0 or later
* TIBCO WebFOCUS Installer versions 8207.27.0 and below: update to version 8207.28.0 or later
* TIBCO WebFOCUS Reporting Server versions 8207.27.0 and below: update to version 8207.28.0 or later