PT-2020-9906 · Tibco Software · Tibco Ebx
Published
2020-02-19
·
Updated
2020-02-26
·
CVE-2019-17333
CVSS v3.1
8.0
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TIBCO EBX versions 5.8.1.fixS and below
TIBCO EBX versions 5.9.3 through 5.9.7
Description
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks.
Recommendations
For TIBCO EBX versions 5.8.1.fixS and below, update to a version above 5.8.1.fixS to resolve the issue.
For TIBCO EBX versions 5.9.3 through 5.9.7, consider disabling the Web server component as a temporary workaround until a patch is available.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tibco Ebx