Lucene search

TibcoCVELIST:CVE-2019-17330

HistoryNov 12, 2019 - 7:15 p.m.

CVE-2019-17330 TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities

2019-11-1219:15:56

tibco

www.cve.org

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

55.3%

JSON

The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6.

CNA Affected

[
  {
    "product": "TIBCO EBX",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "5.8.1.fixR",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "5.9.3"
      },
      {
        "status": "affected",
        "version": "5.9.4"
      },
      {
        "status": "affected",
        "version": "5.9.5"
      },
      {
        "status": "affected",
        "version": "5.9.6"
      }
    ]
  }
]

References

www.tibco.com/services/support/advisories

www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

55.3%

JSON

Related for CVELIST:CVE-2019-17330