Cloud Software Group, Inc.TIBCO:TIBCO-IPROCESS-WORKSPACEBROWSERTIBCO Security Advisory: November 10, 2020 - TIBCO iProcess WorkspaceBrowser
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
30.9%
TIBCO iProcess Workspace Browser CSRF
Original release date: November 10, 2020
Lastrevised:
CVE-2020-27146
Source: TIBCO SoftwareInc.
TIBCO iProcess Workspace Browser CSRF
Original release date: November 10, 2020
Last revised: —
Source: TIBCO Software Inc.
Systems Affected
TIBCO iProcess Workspace (Browser) versions 11.6.0 and below
The following component is affected:
- Core
Description
The component listed above contains a vulnerability that theoretically allows
an unauthenticated attacker with network access to execute a Cross Site
Request Forgery (CSRF) attack on the affected system. A successful attack
using this vulnerability requires human interaction from an authenticated user
other than the attacker.
Impact
Successful execution of this vulnerability can result in unauthorized read,
update, insert or delete access to some of the data in the affected system.
CVSS v3 Base Score: 5.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
Solution
TIBCO has released updated versions of the affected systems which address this
issue:
TIBCO iProcess Workspace (Browser) versions 11.6.0 and below update to
version 11.8.0 or higher
References
http://www.tibco.com/services/support/advisories
CVE-2020-27146
The information on this page is being provided to you on an"AS IS" and “AS-AVAILABLE” basis. The issues described on this page may or may not impact your system(s). TIBCO makes no representations, warranties, or guarantees as to the information contained herein.ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE ARE HEREBY DISCLAIMED.BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT TIBCO SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATIONCONTAINED HEREIN. The information on this page is being provided to you under the terms of your license and/or services agreement with TIBCO, and may be used only for the purposes contemplated by the agreement. If you donot have such an agreement with TIBCO, this information is provided under the TIBCO.com Terms of Use, and may be used only for the purposes contemplated by such Terms ofUse.
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
30.9%