PT-2019-19298 · Tibco · Tibco Activematrix Bpm Distribution For Tibco Silver Fabric+2
Published
2019-04-24
·
Updated
2022-10-14
·
CVE-2019-8995
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
TIBCO ActiveMatrix BPM versions up to and including 4.2.0
TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions up to and including 4.2.0
TIBCO Silver Fabric Enabler for ActiveMatrix BPM versions up to and including 1.4.1
Description
The issue allows a malicious URL to trick a user into visiting a website of the attacker's choice. This affects the workspace client, openspace client, and app development client of the mentioned TIBCO products.
Recommendations
For TIBCO ActiveMatrix BPM versions up to and including 4.2.0, update to a version later than 4.2.0 to resolve the issue.
For TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions up to and including 4.2.0, update to a version later than 4.2.0 to resolve the issue.
For TIBCO Silver Fabric Enabler for ActiveMatrix BPM versions up to and including 1.4.1, update to a version later than 1.4.1 to resolve the issue.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tibco Activematrix Bpm
Tibco Activematrix Bpm Distribution For Tibco Silver Fabric
Tibco Silver Fabric Enabler For Activematrix Bpm