Security Advisory Regarding TIBCO EBX



Article ID: KB0107989


Products: TIBCO EBX
Versions: 5.8.124 and below, 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, 5.9.14, and 5.9.15, 6.0.0, 6.0.1, 6.0.2, and 6.0.3

Description

TIBCO EBX vulnerabilities

  Original release date: January 19, 2022
  Last revised: ---
  Source: TIBCO Software Inc

Description

  The component listed above contains an easily exploitable vulnerability that
  allows a low privileged attacker with network access to execute Stored Cross
  Site Scripting (XSS) on the affected system. A successful attack using this
  vulnerability requires human interaction from a person other than the
  attacker.


Impact

  In the worst case, if the victim is a privileged administrator, successful
  execution of these vulnerabilities can result in an attacker gaining full
  administrative access to the affected system.

  CVSS v3 Base Score: 8.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

Issue/Introduction

Security Advisory Regarding TIBCO EBX vulnerabilities

Environment

Products Affected

  TIBCO EBX versions 5.8.124 and below

  TIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10,
    5.9.11, 5.9.12, 5.9.13, 5.9.14, and 5.9.15

  TIBCO EBX versions 6.0.0, 6.0.1, 6.0.2, and 6.0.3

  TIBCO EBX Add-ons versions 3.20.18 and below

  TIBCO EBX Add-ons versions 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2,
    4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4,
    4.5.5, and 4.5.6

  TIBCO EBX Add-ons versions 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.2.0

  TIBCO Product and Service Catalog powered by TIBCO EBX versions 1.1.0 and
    below

  The following component is affected:

    * Web server

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO EBX versions 5.8.124 and below update to version 5.8.125 or later

  TIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10,
    5.9.11, 5.9.12, 5.9.13, 5.9.14, and 5.9.15 update to version 5.9.16 or later

  TIBCO EBX versions 6.0.0, 6.0.1, 6.0.2, and 6.0.3 update to version 6.0.4 or
    later

  TIBCO EBX Add-ons versions 3.20.18 and below update to version 3.20.19 or
    later

  TIBCO EBX Add-ons versions 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2,
    4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4,
    4.5.5, and 4.5.6 update to version 4.5.7 or later

  TIBCO EBX Add-ons versions 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.2.0 update to
    version 5.2.1 or later

  TIBCO Product and Service Catalog powered by TIBCO EBX versions 1.1.0 and
    below update to version 1.2.0 or later
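
The update matrix above can be applied to an asset inventory mechanically. The following is an added example, not TIBCO code and not part of the original advisory; the host names and inventory rows are constructed, and the function names are hypothetical. It assumes each enumerated version list can be treated as an inclusive range between its lowest and highest listed version.

```python
# Added example (not TIBCO code): triage an inventory against this advisory.
# Ranges come from the Resolution section as (lowest, highest, first fix); lowest=None
# means "and below". Assumption: enumerated versions form an inclusive range.
ADVISORY = {
    "TIBCO EBX": [
        (None, (5, 8, 124), "5.8.125"),
        ((5, 9, 3), (5, 9, 15), "5.9.16"),
        ((6, 0, 0), (6, 0, 3), "6.0.4"),
    ],
    "TIBCO EBX Add-ons": [
        (None, (3, 20, 18), "3.20.19"),
        ((4, 1, 0), (4, 5, 6), "4.5.7"),
        ((5, 0, 0), (5, 2, 0), "5.2.1"),
    ],
    "TIBCO Product and Service Catalog powered by TIBCO EBX": [(None, (1, 1, 0), "1.2.0")],
}

def parse(version):
    """'5.9.10' -> (5, 9, 10). Numeric compare, so 5.9.10 sorts after 5.9.3."""
    return tuple(int(part) for part in version.strip().split("."))

def fixed_version(product, version):
    """Return the first fixed release if the version is listed as affected, else None."""
    if product not in ADVISORY:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    v = parse(version)
    for low, high, fix in ADVISORY[product]:
        if (low is None or v >= low) and v <= high:
            return fix
    return None  # not listed as affected; this is not a statement that it is safe

# Constructed sample inventory; host names are hypothetical.
INVENTORY = [
    ("mdm-prod-01", "TIBCO EBX", "5.9.10"),
    ("mdm-prod-02", "TIBCO EBX", "5.9.16"),
    ("mdm-test-01", "TIBCO EBX", "6.0.3"),
    ("mdm-test-01", "TIBCO EBX Add-ons", "4.5.6"),
    ("catalog-01", "TIBCO Product and Service Catalog powered by TIBCO EBX", "1.2.0"),
]

def triage(inventory):
    """Return (host, product, version, fix) for every entry that needs an update."""
    return [(h, p, v, fix) for h, p, v in inventory
            if (fix := fixed_version(p, v)) is not None]

if __name__ == "__main__":
    for host, product, version, fix in triage(INVENTORY):
        print(f"{host}: {product} {version} -> update to {fix} or later")
```

Versions are compared as integer tuples because a plain string comparison would sort 5.9.10 before 5.9.3 and miss affected builds.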
 

Additional Information

  https://www.tibco.com/services/support/advisories
  CVE-2022-22769