PT-2019-15092 · Tibco Software · Tibco Ebx Add-Ons

Publicado

2019-11-12

Atualizado

2019-11-15

CVE-2019-17331

CVSS v3.1

7.3

Alta

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions TIBCO EBX Add-ons versions up to and including 3.20.13 TIBCO EBX Add-ons version 4.1.0

Description The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an issue that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks.

Recommendations For TIBCO EBX Add-ons versions up to and including 3.20.13, update to a version later than 3.20.13 to resolve the issue. For TIBCO EBX Add-ons version 4.1.0, consider disabling the Data Exchange Web Interface component as a temporary workaround until a patch is available.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-17331

Produtos afetados

Tibco Ebx Add-Ons

PT-2019-15092 · Tibco Software · Tibco Ebx Add-Ons

CVE-2019-17331

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4