CVE-2019-17332

Name of the Vulnerable Software and Affected Versions TIBCO EBX Add-ons versions up to and including 3.20.13 TIBCO EBX Add-ons versions 4.1.0 through 4.2.2

Description The Digital Asset Manager Web Interface component contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks.

Recommendations For TIBCO EBX Add-ons versions up to and including 3.20.13, update to a version later than 3.20.13 to resolve the issue. For TIBCO EBX Add-ons versions 4.1.0 through 4.2.2, update to a version later than 4.2.2 to resolve the issue. As a temporary workaround, consider restricting access to the Digital Asset Manager Web Interface component until a patch is available.