PT-2020-16639 · Tibco Software · Tibco Iprocess Workspace

Published: 2020-11-10 · Updated: 2020-11-24 · CVE-2020-27146

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TIBCO iProcess Workspace (Browser) versions 11.6.0 and below

Description

The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains an issue that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this issue requires human interaction from an authenticated user other than the attacker.

Recommendations

For versions 11.6.0 and below, update to a version above 11.6.0 to resolve the issue. As a temporary workaround, consider implementing additional security measures to prevent CSRF attacks, such as validating request origins and using anti-CSRF tokens. Restrict access to the affected system to minimize the risk of exploitation.

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2020-27146

Affected Products

Tibco Iprocess Workspace