PT-2019-12181 · Tibco · Tibco Activematrix Bpm Distribution For Tibco Silver Fabric+2

Published

2019-04-24

Updated

2021-11-06

CVE-2019-11203

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TIBCO ActiveMatrix BPM versions up to and including 4.2.0 TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions up to and including 4.2.0 TIBCO Silver Fabric Enabler for ActiveMatrix BPM versions up to and including 1.4.1

Description The issue affects the workspace client, openspace client, app development client, and REST API of the mentioned TIBCO products, involving cross-site scripting (XSS) and cross-site request forgery vulnerabilities.

Recommendations For TIBCO ActiveMatrix BPM versions up to and including 4.2.0, update to a version later than 4.2.0. For TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions up to and including 4.2.0, update to a version later than 4.2.0. For TIBCO Silver Fabric Enabler for ActiveMatrix BPM versions up to and including 1.4.1, update to a version later than 1.4.1.

Fix

CSRF

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352CWE-79

Related Identifiers

CVE-2019-11203

Affected Products

Tibco Activematrix Bpm

Tibco Activematrix Bpm Distribution For Tibco Silver Fabric

Tibco Silver Fabric Enabler For Activematrix Bpm

PT-2019-12181 · Tibco · Tibco Activematrix Bpm Distribution For Tibco Silver Fabric+2

CVE-2019-11203

Weakness Enumeration

Related Identifiers

Affected Products

References · 5