History: Aug 16, 2022 - 6:15 p.m.

CVE-2022-30576

2022-08-16 18:15:08
CWE-79
tibco
web.nvd.nist.gov

CVSS3: 8.7

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS: 0.001
Percentile: 22.7%

The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Data Science - Workbench: versions 14.0.0 and below, TIBCO Statistica: versions 14.0.0 and below, TIBCO Statistica - Estore Edition: versions 14.0.0 and below, and TIBCO Statistica Trial: versions 14.0.0 and below.

Affected configurations

Nvd
Node
tibco  data_science_-_workbench  Range <14.0.1
OR
tibco  statistica  Range <14.0.1  -
OR
tibco  statistica  Range <14.0.1  estore
OR
tibco  statistica  Range <14.0.1  trial

Vendor  Product  Version  CPE
tibco  data_science_-_workbench  *  cpe:2.3:a:tibco:data_science_-_workbench:*:*:*:*:*:*:*:*
tibco  statistica  *  cpe:2.3:a:tibco:statistica:*:*:*:*:-:*:*:*
tibco  statistica  *  cpe:2.3:a:tibco:statistica:*:*:*:*:estore:*:*:*
tibco  statistica  *  cpe:2.3:a:tibco:statistica:*:*:*:*:trial:*:*:*

CNA Affected

[
  {
    "product": "TIBCO Data Science - Workbench",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "14.0.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Statistica",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "14.0.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Statistica - Estore Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "14.0.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Statistica Trial",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "14.0.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
