PT-2021-15425 · Tibco Software · Tibco Bpm Enterprise+1
Published: 2021-01-26 · Updated: 2021-02-03 · CVE-2021-23272
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
TIBCO BPM Enterprise versions 4.3.0 and below
TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.0 and below
Description
The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low-privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system.
Recommendations
For TIBCO BPM Enterprise versions 4.3.0 and below, update to a version above 4.3.0 to resolve the issue.
For TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.0 and below, update to a version above 4.3.0 to resolve the issue.
As a temporary workaround, consider restricting network access to the affected system to minimize the risk of exploitation.
Fix
XSS
Affected Products
Tibco Bpm Enterprise
Tibco Bpm Enterprise Distribution For Tibco Silver Fabric