CVE-2019-17339

Name of the Vulnerable Software and Affected Versions TIBCO Silver Fabric versions 6.0.0 and below

Description The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains an issue that theoretically allows an attacker to inject scripts via URLs. An attacker could social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user.

Recommendations For versions 6.0.0 and below, update to a version above 6.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the VirtualRouter component to minimize the risk of exploitation. Avoid using URLs that could potentially be used to inject scripts until the issue is resolved.