CVE-2021-35499

Name of the Vulnerable Software and Affected Versions: TIBCO Nimbus versions 10.4.0 and below

Description: The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities. These vulnerabilities allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker.

Recommendations: For versions 10.4.0 and below, update to a version above 10.4.0 to mitigate the risk of Stored Cross Site Scripting (XSS) vulnerabilities. As a temporary workaround, consider restricting access to the Web Reporting component until a patch is available. Avoid using the Web Reporting component for sensitive operations until the issue is resolved.