CVE-2021-35493

Name of the Vulnerable Software and Affected Versions: TIBCO WebFOCUS Client versions 8207.27.0 and below TIBCO WebFOCUS Installer versions 8207.27.0 and below TIBCO WebFOCUS Reporting Server versions 8207.27.0 and below

Description: The WebFOCUS Reporting Server and WebFOCUS Client components contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities. These vulnerabilities allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker.

Recommendations: For TIBCO WebFOCUS Client versions 8207.27.0 and below, update to a version above 8207.27.0 to resolve the issue. For TIBCO WebFOCUS Installer versions 8207.27.0 and below, update to a version above 8207.27.0 to resolve the issue. For TIBCO WebFOCUS Reporting Server versions 8207.27.0 and below, update to a version above 8207.27.0 to resolve the issue. As a temporary workaround, consider restricting access to the WebFOCUS Reporting Server and WebFOCUS Client components to minimize the risk of exploitation.