Lucene search

TibcoCVELIST:CVE-2021-23272

HistoryJan 26, 2021 - 6:15 p.m.

CVE-2021-23272 TIBCO BPM Cross Site Scripting (XSS)

2021-01-2618:15:13

tibco

www.cve.org

cve-2021-23272

tibco software inc.

cross site scripting

application development clients

tibco bpm enterprise

tibco silver fabric

vulnerability

CVSS3

4.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below.

CNA Affected

[
  {
    "product": "TIBCO BPM Enterprise",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "4.3.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "4.3.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.tibco.com/services/support/advisories