Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistTibcoCVELIST:CVE-2021-28827
HistoryApr 20, 2021 - 6:30 p.m.

CVE-2021-28827 TIBCO Administrator Stored Cross Site Scripting vulnerability

2021-04-2018:30:17
tibco
www.cve.org
1
tibco
administrator
cross site scripting
vulnerability
enterprise edition
silver fabric
z/linux
runtime agent

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

59.7%

JSON

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent: versions 5.10.2 and below, TIBCO Runtime Agent: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent for z/Linux: versions 5.10.2 and below, and TIBCO Runtime Agent for z/Linux: versions 5.11.0 and 5.11.1.

CNA Affected

[
  {
    "product": "TIBCO Administrator - Enterprise Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "5.10.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Administrator - Enterprise Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.11.0"
      },
      {
        "status": "affected",
        "version": "5.11.1"
      }
    ]
  },
  {
    "product": "TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "5.10.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.11.0"
      },
      {
        "status": "affected",
        "version": "5.11.1"
      }
    ]
  },
  {
    "product": "TIBCO Administrator - Enterprise Edition for z/Linux",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "5.10.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Administrator - Enterprise Edition for z/Linux",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.11.0"
      },
      {
        "status": "affected",
        "version": "5.11.1"
      }
    ]
  },
  {
    "product": "TIBCO Runtime Agent",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "5.10.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Runtime Agent",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.11.0"
      },
      {
        "status": "affected",
        "version": "5.11.1"
      }
    ]
  },
  {
    "product": "TIBCO Runtime Agent for z/Linux",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "5.10.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Runtime Agent for z/Linux",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.11.0"
      },
      {
        "status": "affected",
        "version": "5.11.1"
      }
    ]
  }
]

Related

tibco 2
prion 1
nvd 1
cve 1
tibco
tibco
TIBCO Security Advisory: April 20, 2021 - TIBCO Administrator - Enterprise Edition -2021-28827
2021-04-15 22:32:00
TIBCO Security Advisory: April 20, 2021 - TIBCO Administrator - Enterprise Edition -2021-28827
2021-04-15 22:32:00
prion
prion
Design/Logic Flaw
2021-04-20 19:15:00
nvd
nvd
CVE-2021-28827
2021-04-20 19:15:09
cve
cve
CVE-2021-28827
2021-04-20 19:15:09

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

59.7%

JSON
Related for CVELIST:CVE-2021-28827
tibco2prion1nvd1cve1